IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: send 404 error when unauthorized user tries to download user archive

Browse Source
This commit is contained in:
Arpit Jalan
2015-06-08 11:09:38 +05:30
parent a09d893c0c
commit 74141cc475
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/export_csv_controller.rb
View File

@@ -20,7 +20,7 @@ class ExportCsvController < ApplicationController
export_initiated_by_user_id = UserExport.where(id: export_id)[0].user_id unless UserExport.where(id: export_id).empty?
export_csv_path = UserExport.get_download_path(filename)
if export_csv_path && export_initiated_by_user_id == current_user.id
if export_csv_path && current_user.present? && export_initiated_by_user_id == current_user.id
send_file export_csv_path
else
render nothing: true, status: 404