Révision b0dc3a2e
Ajouté par Julien Enselme il y a plus de 7 ans
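--- a/drupal7/modules/file/file.module
+++ b/drupal7/modules/file/file.module
@@ -457,6 +457,17 @@
 '#markup' => theme('file_link', array('file' => $element['#file'])) . ' ',
 '#weight' => -10,
 );
+// Anonymous users who have uploaded a temporary file need a
+// non-session-based token added so file_managed_file_value() can check
+// that they have permission to use this file on subsequent submissions of
+// the same form (for example, after an Ajax upload or form validation
+// error).
+if (!$GLOBALS['user']->uid && $element['#file']->status != FILE_STATUS_PERMANENT) {
+$element['fid_token'] = array(
+'#type' => 'hidden',
+'#value' => drupal_hmac_base64('file-' . $fid, drupal_get_private_key() . drupal_get_hash_salt()),
+);
+}
 }
 
 // Add the extension list to the page as JavaScript settings.
@@ -533,13 +544,24 @@
 $force_default = TRUE;
 }
 // Temporary files that belong to other users should never be allowed.
-// Since file ownership can't be determined for anonymous users, they
-// are not allowed to reuse temporary files at all.
-elseif ($file->status != FILE_STATUS_PERMANENT && (!$GLOBALS['user']->uid || $file->uid != $GLOBALS['user']->uid)) {
-$force_default = TRUE;
+elseif ($file->status != FILE_STATUS_PERMANENT) {
+if ($GLOBALS['user']->uid && $file->uid != $GLOBALS['user']->uid) {
+$force_default = TRUE;
+}
+// Since file ownership can't be determined for anonymous users, they
+// are not allowed to reuse temporary files at all. But they do need
+// to be able to reuse their own files from earlier submissions of
+// the same form, so to allow that, check for the token added by
+// file_managed_file_process().
+elseif (!$GLOBALS['user']->uid) {
+$token = drupal_array_get_nested_value($form_state['input'], array_merge($element['#parents'], array('fid_token')));
+if ($token !== drupal_hmac_base64('file-' . $file->fid, drupal_get_private_key() . drupal_get_hash_salt())) {
+$force_default = TRUE;
+}
+}
 }
 // If all checks pass, allow the file to be changed.
-else {
+if (!$force_default) {
 $fid = $file->fid;
 }
 }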
Update to Drupal 7.52