[Fusionforge-commits] r8549 - trunk/gforge/www/tracker

Alain Peyrat aljeux at libremir.placard.fr.eu.org
Wed Dec 16 20:57:18 CET 2009


Author: aljeux
Date: 2009-12-16 20:57:18 +0100 (Wed, 16 Dec 2009)
New Revision: 8549

Modified:
   trunk/gforge/www/tracker/download.php
Log:
Tracker: download: Improved sanitizing of args and remove the requirement to be logged in for downloading an attachement

Modified: trunk/gforge/www/tracker/download.php
===================================================================
--- trunk/gforge/www/tracker/download.php	2009-12-16 19:57:13 UTC (rev 8548)
+++ trunk/gforge/www/tracker/download.php	2009-12-16 19:57:18 UTC (rev 8549)
@@ -15,19 +15,14 @@
 require_once $gfwww.'include/pre.php';
 require_once $gfcommon.'tracker/Artifact.class.php';
 require_once $gfcommon.'tracker/ArtifactFile.class.php';
-//require_once('www/tracker/include/ArtifactFileHtml.class.php');
 require_once $gfcommon.'tracker/ArtifactType.class.php';
-require_once $gfcommon.'tracker/ArtifactType.class.php';
 
-if (!session_loggedin()) {
-	exit_not_logged_in();	
-}
 
 $arr=explode('/',getStringFromServer('REQUEST_URI'));
-$group_id=$arr[3];
-$atid=$arr[4];
-$aid=$arr[5];
-$file_id=$arr[6];
+$group_id=(int)$arr[3];
+$atid=(int)$arr[4];
+$aid=(int)$arr[5];
+$file_id=(int)$arr[6];
 
 if (!$group_id) {
 	exit_no_group();




More information about the Fusionforge-commits mailing list