From d390acc8886a7f48899e5bf180b1d4f42d9c45c5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 Apr 2017 02:03:59 +0200 Subject: [PATCH] FIX A non admin user can not download files attached to user. --- htdocs/core/lib/files.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 87a587a7460..2faa3ae1a8f 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1557,7 +1557,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu else if ($modulepart == 'user' && !empty($conf->user->dir_output)) { $canreaduser=(! empty($fuser->admin) || $fuser->rights->user->user->lire); - if ($user->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card + if ($fuser->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card if ($canreaduser || preg_match('/^specimen/i',$original_file)) { $accessallowed=1;