diff options
| author |   Joas Schilling <nickvergessen@gmx.de> | 2014-02-10 12:17:28 +0100 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2014-02-10 12:56:45 +0100 |
| commit | ee1c055b7048e55aed91b3ec56cca01e9fc485d3 (patch) | |
| tree | 0671e447d8da16c6e57017a9cbb1190ad1b52262 /phpBB/includes/functions_download.php | |
| parent | [ticket/12171] Check post visibility before being able to download attachments (diff) | |
| download | phpbb-ee1c055b7048e55aed91b3ec56cca01e9fc485d3.tar.gz phpbb-ee1c055b7048e55aed91b3ec56cca01e9fc485d3.tar.bz2 phpbb-ee1c055b7048e55aed91b3ec56cca01e9fc485d3.zip | |
[ticket/12171] Send correct status 403 when forbidden and 404 when not found
PHPBB3-12171
Diffstat (limited to 'phpBB/includes/functions_download.php')
| -rw-r--r-- | phpBB/includes/functions_download.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index e17fe9de61..c895f7b54b 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -640,10 +640,14 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id) $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if ($row && ($row['topic_visibility'] == ITEM_APPROVED || $auth->acl_get('m_approve', $row['forum_id'])) - && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) + if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id'])) { - if ($row && $row['forum_password']) + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); + } + else if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) + { + if ($row['forum_password']) { // Do something else ... ? login_forum_box($row); |