summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--filefield.module92
1 files changed, 50 insertions, 42 deletions
diff --git a/filefield.module b/filefield.module
index 5e6dba1..91ca53c 100644
--- a/filefield.module
+++ b/filefield.module
@@ -138,54 +138,62 @@ function filefield_file_download($filepath) {
return;
}
- // Find out if any file field contains this file, and if so, which field
- // and node it belongs to. Required for later access checking.
- $cck_files = array();
- foreach (content_fields() as $field) {
- if ($field['type'] == 'filefield' || $field['type'] == 'image') {
- $db_info = content_database_info($field);
- $table = $db_info['table'];
- $fid_column = $db_info['columns']['fid']['column'];
-
- $columns = array('vid', 'nid');
- foreach ($db_info['columns'] as $property_name => $column_info) {
- $columns[] = $column_info['column'] .' AS '. $property_name;
- }
- $result = db_query("SELECT ". implode(', ', $columns) ."
- FROM {". $table ."}
- WHERE ". $fid_column ." = %d", $file->fid);
+ // See if this is a file on a newly created node, on which the user who
+ // uploaded it will immediately have access.
+ $new_node_file = $file->status == 0 && isset($_SESSION['filefield_access']) && in_array($file->fid, $_SESSION['filefield_access']);
+ if ($new_node_file) {
+ $denied = FALSE;
+ }
+ // Loop through all fields and find if this file is used by FileField.
+ else {
+ // Find out if any file field contains this file, and if so, which field
+ // and node it belongs to. Required for later access checking.
+ $cck_files = array();
+ foreach (content_fields() as $field) {
+ if ($field['type'] == 'filefield' || $field['type'] == 'image') {
+ $db_info = content_database_info($field);
+ $table = $db_info['table'];
+ $fid_column = $db_info['columns']['fid']['column'];
+
+ $columns = array('vid', 'nid');
+ foreach ($db_info['columns'] as $property_name => $column_info) {
+ $columns[] = $column_info['column'] .' AS '. $property_name;
+ }
+ $result = db_query("SELECT ". implode(', ', $columns) ."
+ FROM {". $table ."}
+ WHERE ". $fid_column ." = %d", $file->fid);
- while ($content = db_fetch_array($result)) {
- $content['field'] = $field;
- $cck_files[$field['field_name']][$content['vid']] = $content;
+ while ($content = db_fetch_array($result)) {
+ $content['field'] = $field;
+ $cck_files[$field['field_name']][$content['vid']] = $content;
+ }
}
}
- }
- // If no file field item is involved with this file, we don't care about it,
- // unless it's a newly uploaded image that isn't yet associated with a field.
- if (empty($cck_files) && !($file->status == 0 && isset($_SESSION['filefield_access']) && in_array($file->fid, $_SESSION['filefield_access']))) {
- return;
- }
+ // If no file field item is involved with this file, we don't care about it.
+ if (empty($cck_files)) {
+ return;
+ }
- // So the overall field view permissions are not denied, but if access is
- // denied for ALL nodes containing the file, deny the download as well.
- // Node access checks also include checking for 'access content'.
- $nodes = array();
- $denied = TRUE;
- foreach ($cck_files as $field_name => $field_files) {
- foreach ($field_files as $revision_id => $content) {
- // Checking separately for each revision is probably not the best idea -
- // what if 'view revisions' is disabled? So, let's just check for the
- // current revision of that node.
- if (isset($nodes[$content['nid']])) {
- continue; // Don't check the same node twice.
- }
- if (($node = node_load($content['nid'])) && (node_access('view', $node) && filefield_view_access($field_name))) {
- $denied = FALSE;
- break 2;
+ // So the overall field view permissions are not denied, but if access is
+ // denied for ALL nodes containing the file, deny the download as well.
+ // Node access checks also include checking for 'access content'.
+ $nodes = array();
+ $denied = TRUE;
+ foreach ($cck_files as $field_name => $field_files) {
+ foreach ($field_files as $revision_id => $content) {
+ // Checking separately for each revision is probably not the best idea -
+ // what if 'view revisions' is disabled? So, let's just check for the
+ // current revision of that node.
+ if (isset($nodes[$content['nid']])) {
+ continue; // Don't check the same node twice.
+ }
+ if (($node = node_load($content['nid'])) && (node_access('view', $node) && filefield_view_access($field_name))) {
+ $denied = FALSE;
+ break 2;
+ }
+ $nodes[$content['nid']] = $node;
}
- $nodes[$content['nid']] = $node;
}
}