github/torrentpier
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier synced 2025-08-21 22:03:49 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

feat(view_torrent.php): Added checking auth to download (#2067)
Some checks are pending
Continuous Integration / Nightly builds 📦 (push) Waiting to run
Details
Continuous Integration / 🎉 Deploy (push) Waiting to run
Details
PHPMD / Run PHPMD scanning (push) Waiting to run
Details

Browse source 
* feat(view_torrent.php): Added checking auth to download

* Update view_torrent.php
This commit is contained in:
Roman Kelesidis 2025-07-30 19:41:50 +03:00 committed by GitHub
commit 7e38c5b63c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 14 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

17
library/ajax/view_torrent.php
View file

@ -11,18 +11,30 @@ if (!defined('IN_AJAX')) {
die(basename(__FILE__)); die(basename(__FILE__));
} }
global $lang; global $lang, $userdata;
if (!isset($this->request['attach_id'])) { if (!isset($this->request['attach_id'])) {
$this->ajax_die($lang['EMPTY_ATTACH_ID']); $this->ajax_die($lang['EMPTY_ATTACH_ID']);
} }
$attach_id = (int)$this->request['attach_id']; $attach_id = (int)$this->request['attach_id'];
$torrent = DB()->fetch_row("SELECT attach_id, physical_filename FROM " . BB_ATTACHMENTS_DESC . " WHERE attach_id = $attach_id LIMIT 1"); $torrent = DB()->fetch_row("
SELECT
ad.attach_id, ad.physical_filename,
tor.forum_id
FROM " . BB_ATTACHMENTS_DESC . " ad
INNER JOIN " . BB_BT_TORRENTS . " tor ON (ad.attach_id = tor.attach_id)
WHERE ad.attach_id = $attach_id LIMIT 1");
if (!$torrent) { if (!$torrent) {
$this->ajax_die($lang['ERROR_BUILD']); $this->ajax_die($lang['ERROR_BUILD']);
} }
// Check rights
$is_auth = auth(AUTH_ALL, $torrent['forum_id'], $userdata);
if (!$is_auth['auth_view']) {
$this->ajax_die($lang['SORRY_AUTH_VIEW_ATTACH']);
}
$file_contents = null; $file_contents = null;
$filename = get_attachments_dir() . '/' . $torrent['physical_filename']; $filename = get_attachments_dir() . '/' . $torrent['physical_filename'];
if (!is_file($filename) || !$file_contents = file_get_contents($filename)) { if (!is_file($filename) || !$file_contents = file_get_contents($filename)) {
@ -37,7 +49,6 @@ try {
} }
$torrent = new TorrentPier\Legacy\TorrentFileList($tor); $torrent = new TorrentPier\Legacy\TorrentFileList($tor);
$tor_filelist = $torrent->get_filelist(); $tor_filelist = $torrent->get_filelist();
$this->response['html'] = $tor_filelist; $this->response['html'] = $tor_filelist;