~ubuntu-branches/ubuntu/natty/mantis/natty-security


Viewing changes to bug_file_delete.php

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2012-06-29 07:28:16 UTC
  • mfrom: (7.1.11 squeeze)
  • Revision ID: package-import@ubuntu.com-20120629072816-1rwdgapquo4k5uyg
Tags: 1.1.8+dfsg-10squeeze2build0.11.04.1
fake sync from Debian

35
35
 
36
36
        $t_bug_id = file_get_field( $f_file_id, 'bug_id' );
37
37
 
38
 
        access_ensure_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id );
39
 
 
40
38
        $t_bug = bug_get( $t_bug_id, true );
41
39
        if( $t_bug->project_id != helper_get_current_project() ) {
42
40
                # in case the current project is not the same project of the bug we are viewing...
44
42
                $g_project_override = $t_bug->project_id;
45
43
        }
46
44
 
 
45
        $t_attachment_owner = file_get_field( $f_file_id, 'user_id' );
 
46
        $t_current_user_is_attachment_owner = $t_attachment_owner == auth_get_current_user_id();
 
47
        if ( !$t_current_user_is_attachment_owner || ( $t_current_user_is_attachment_owner && !config_get( 'allow_delete_own_attachments' ) ) ) {
 
48
                access_ensure_bug_level( config_get( 'delete_attachments_threshold' ), $t_bug_id );
 
49
        }
 
50
 
47
51
        helper_ensure_confirmed( lang_get( 'delete_attachment_sure_msg' ), lang_get( 'delete_attachment_button' ) );
48
52
 
49
53
        file_delete( $f_file_id, 'bug' );
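Review bot: When the current user owns the attachment and `allow_delete_own_attachments` is enabled, the added block at new lines 45-49 skips `access_ensure_bug_level` entirely, and with the old `update_bug_threshold` check removed nothing visible in this hunk confirms that the owner can still access the bug (for example after it was made private or the user was removed from the project). Unless `bug_get` or `file_delete` enforce that, I would keep an unconditional baseline check ahead of the ownership test, along the lines of `access_ensure_bug_level( config_get( '<read-access threshold option>' ), $t_bug_id );` (placeholder option name), and reserve `delete_attachments_threshold` for the non-owner case. The condition also reduces to `if ( !$t_current_user_is_attachment_owner || !config_get( 'allow_delete_own_attachments' ) ) {`, which is easier to audit, and the ownership test compares a value read from the file table with loose `==`, so an explicit integer cast on both sides would make an empty or non-numeric `user_id` fail closed. The script begins and continues outside this hunk, so how `$f_file_id` is validated is not visible here.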