Updated

2025-02-28 15:10:54 +03:00 · 2023-12-18 16:06:47 +07:00 · 2023-12-18 16:06:47 +07:00 · a889577005
commit a889577005
parent 376223daaa
3 changed files with 17 additions and 12 deletions
--- a/dl.php
+++ b/dl.php
@ -198,12 +198,17 @@ $download_mode = array();
 for ($i = 0; $i < $num_rows; $i++)
 {
 	$extension = strtolower(trim($rows[$i]['extension']));
+	// Get allowed extensions
+	if ((int) $rows[$i]['allow_group'] === 1)
+	{
+		$allowed_extensions[] = $extension;
+	}
 	$allowed_extensions[] = $extension;
 	$download_mode[$extension] = $rows[$i]['download_mode'];
 }

 // Disallowed
-if (!in_array($attachment['extension'], $allowed_extensions))
+if (!in_array($attachment['extension'], $allowed_extensions) && !IS_ADMIN)
 {
 	bb_die(sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']) . "<br /><br />" . $lang['FILENAME'] . ":&nbsp;" . $attachment['physical_filename']);
 }
--- a/library/attach_mod/displaying.php
+++ b/library/attach_mod/displaying.php
@ -17,7 +17,7 @@ function init_complete_extensions_data()

 	if (!$extension_informations = get_extension_informations())
 	{
-		$extension_informations = $GLOBALS['datastore']->update('attach_extensions'); //get_extension_informations()
+		$GLOBALS['datastore']->update('attach_extensions'); //get_extension_informations()
 		$extension_informations = get_extension_informations();
 	}
 	$allowed_extensions = array();
@ -25,7 +25,11 @@ function init_complete_extensions_data()
 	for ($i = 0, $size = sizeof($extension_informations); $i < $size; $i++)
 	{
 		$extension = strtolower(trim($extension_informations[$i]['extension']));
-		$allowed_extensions[] = $extension;
+		// Get allowed extensions
+		if ((int) $extension_informations[$i]['allow_group'] === 1)
+		{
+			$allowed_extensions[] = $extension;
+		}
 		$display_categories[$extension] = intval($extension_informations[$i]['cat_id']);
 		$download_modes[$extension] = intval($extension_informations[$i]['download_mode']);
 		$upload_icons[$extension] = trim($extension_informations[$i]['upload_icon']);
--- a/library/includes/datastore/build_attach_extensions.php
+++ b/library/includes/datastore/build_attach_extensions.php
@ -4,14 +4,10 @@ if (!defined('BB_ROOT')) die(basename(__FILE__));

 // Don't count on forbidden extensions table, because it is not allowed to allow forbidden extensions at all
 $extensions = DB()->fetch_rowset("
-	SELECT
-	  e.extension, g.cat_id, g.download_mode, g.upload_icon
-	FROM
-	  ". BB_EXTENSIONS       ." e,
-	  ". BB_EXTENSION_GROUPS ." g
-	WHERE
-	      e.group_id = g.group_id
-	  AND g.allow_group = 1
+	SELECT e.extension, g.cat_id, g.download_mode, g.upload_icon, g.allow_group FROM
+		". BB_EXTENSIONS       ." e,
+		". BB_EXTENSION_GROUPS ." g
+	WHERE e.group_id = g.group_id
 ");

-$this->store('attach_extensions', $extensions);
+$this->store('attach_extensions', $extensions);