Commit 5f0b150

mantisdregad authored and committed
Incorrect access check on attachment downloads
Even if config variables $g_download_attachments_threshold and $g_view_attachments_threshold are set to 55 (developer), users with lower privileges can download attachments.

Fixes #17742

Signed-off-by: Damien Regad <dregad@mantisbt.org>
1 parent 49c3d08 commit 5f0b150
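The failure mode the commit message describes, as an added PHP illustration that is not MantisBT's code: a viewer whose currently selected project has a permissive threshold requests an attachment from a bug that lives in a project with a stricter per-project override. Everything here is constructed for the example (`sample_state`, `model_config_get`, `model_bug_level`, the user, project and bug ids), and the modelled behaviour that an unscoped lookup resolves against the viewer's current project is an assumption drawn from the commit message rather than a description of the real `config_get`.

```php
<?php
// Added illustration, not MantisBT's code: a minimal model of per-project
// configuration lookup, showing why the attachment threshold must be read for
// the bug's project rather than the viewer's currently selected project.
// All data below is constructed; the access-level numbers follow MantisBT's scale.

const ANYBODY   = 0;
const REPORTER  = 25;
const DEVELOPER = 55;

// Constructed sample state: a global default, one project that overrides it,
// one bug living in that stricter project, and a user who is only a reporter.
function sample_state(): array {
    return [
        'global_config'   => [ 'download_attachments_threshold' => REPORTER ],
        'project_config'  => [ 2 => [ 'download_attachments_threshold' => DEVELOPER ] ],
        'bugs'            => [ 100 => [ 'project_id' => 2 ] ],
        'user_access'     => [ 7 => [ 1 => REPORTER, 2 => REPORTER ] ],
        'current_project' => 1,   // user 7 is browsing project 1 when requesting the download
    ];
}

// Model of a project-aware option lookup (hypothetical, assumption about the real
// config_get): with no project given, it falls back to the viewer's current project.
function model_config_get( array $s, string $option, ?int $project_id = null ): int {
    $pid = $project_id ?? $s['current_project'];
    return $s['project_config'][$pid][$option] ?? $s['global_config'][$option];
}

// Model of a bug-level access check: the user's level in the bug's own project.
function model_bug_level( array $s, int $user_id, int $bug_id ): int {
    $pid = $s['bugs'][$bug_id]['project_id'];
    return $s['user_access'][$user_id][$pid] ?? ANYBODY;
}

// Before the fix: the threshold is resolved against the viewer's current project,
// so project 1's lenient value is applied to a bug that belongs to project 2.
function can_download_before( array $s, int $user_id, int $bug_id ): bool {
    $threshold = model_config_get( $s, 'download_attachments_threshold' );
    return model_bug_level( $s, $user_id, $bug_id ) >= $threshold;
}

// After the fix: the threshold is resolved against the bug's project, so the
// project-2 override (DEVELOPER) is enforced for a reporter-level user.
function can_download_after( array $s, int $user_id, int $bug_id ): bool {
    $pid = $s['bugs'][$bug_id]['project_id'];
    $threshold = model_config_get( $s, 'download_attachments_threshold', $pid );
    return model_bug_level( $s, $user_id, $bug_id ) >= $threshold;
}

$s = sample_state();
var_dump( can_download_before( $s, 7, 100 ) ); // reporter in project 2 passes the project-1 threshold
var_dump( can_download_after( $s, 7, 100 ) );  // same reporter against project 2's own threshold
```

The only difference between the two checks is which project the option is resolved for; the user's level on the bug is identical in both. That is the whole vulnerability: any access check whose threshold is configurable per project has to fetch the threshold for the project that owns the object being checked, not for whatever project the caller happens to have selected.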

1 file changed (+2 -2 lines)


Diff for: core/file_api.php

@@ -120,8 +120,8 @@ function file_can_view_bug_attachments( $p_bug_id, $p_uploader_user_id = null )
120120
# Check if the current user can download attachments for the specified bug.
121121
function file_can_download_bug_attachments( $p_bug_id, $p_uploader_user_id = null ) {
122122
$t_uploaded_by_me = auth_get_current_user_id() === $p_uploader_user_id;
123-
$t_can_download = access_has_bug_level( config_get( 'download_attachments_threshold' ), $p_bug_id );
124-
$t_can_download = $t_can_download || ( $t_uploaded_by_me && config_get( 'allow_download_own_attachments' ) );
123+
$t_can_download = access_has_bug_level( config_get( 'download_attachments_threshold', null, null, bug_get_field( $p_bug_id, 'project_id' ) ), $p_bug_id );
124+
$t_can_download = $t_can_download || ( $t_uploaded_by_me && config_get( 'allow_download_own_attachments', null, null, bug_get_field( $p_bug_id, 'project_id' ) ) );
125125
return $t_can_download;
126126
}
127127
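Review bot: `bug_get_field( $p_bug_id, 'project_id' )` is evaluated twice in the two `+` lines, once per `config_get` call; hoist it into a local, e.g. `$t_project_id = bug_get_field( $p_bug_id, 'project_id' );`, and pass `$t_project_id` to both lookups so the project is fetched once and both `download_attachments_threshold` and `allow_download_own_attachments` are guaranteed to resolve against the same project. Separately, the commit message says the bug also affects `$g_view_attachments_threshold`, but only `file_can_download_bug_attachments` changes here; if `file_can_view_bug_attachments` (the function named in the hunk header) reads `view_attachments_threshold` through the same unscoped `config_get`, it needs the same project argument, otherwise view and download decisions can disagree for the same bug.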
