Index: openacs-4/packages/acs-subsite/www/file.vuh =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/file.vuh,v diff -u -r1.2 -r1.2.2.1 --- openacs-4/packages/acs-subsite/www/file.vuh 9 Oct 2006 19:32:40 -0000 1.2 +++ openacs-4/packages/acs-subsite/www/file.vuh 6 Apr 2007 17:02:15 -0000 1.2.2.1 @@ -6,7 +6,7 @@ # @creation-date 2006-08-01 # @cvs-id $Id$ -if {![regexp {^/([0-9]{1,8})(/(private)/([0-9]{1,8}))?(/(.+))?$} [ad_conn path_info] match object_id private_slash private dummy anchor]} { +if {![regexp {^/([0-9]{1,8})(/(private)/([0-9]{1,8}))?(/(.*))?$} [ad_conn path_info] match object_id private_slash private dummy anchor]} { ad_return_warning "Invalid object id" [subst { The identifier given for this object is invalid. Please check your url or contact the webmaster if you think it should work. @@ -40,12 +40,17 @@ -party_id [ad_conn user_id]]} { ns_returnnotfound ad_script_abort + } } else { - permission::require_permission \ - -privilege "read" \ - -object_id $object_id \ - -party_id [ad_conn user_id] + if {![permission::permission_p \ + -privilege "read" \ + -object_id $object_id \ + -party_id [ad_conn user_id]]} { + ns_returnnotfound + ad_script_abort + } } + # find a cr_item and serve it cr_write_content -item_id $object_id \ No newline at end of file Index: openacs-4/packages/acs-subsite/www/image.vuh =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/image.vuh,v diff -u -r1.2 -r1.2.2.1 --- openacs-4/packages/acs-subsite/www/image.vuh 9 Oct 2006 19:32:40 -0000 1.2 +++ openacs-4/packages/acs-subsite/www/image.vuh 6 Apr 2007 17:02:15 -0000 1.2.2.1 
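Review bot: The relaxed tail `(/(.*))?` has no comment saying what the trailing path segment is for, and in file.vuh `anchor` is bound to the outer group, so a URL ending in a bare slash now sets it to `/` where it previously fell through to the warning. Any later use of `anchor` lies outside this hunk and should be checked against that value. The segment is request-supplied and, going by the `cr_write_content -item_id $object_id` call in the next hunk, does not appear to select the content. A comment above the `if` would record this, e.g. `# tail after the id is optional, request-supplied and may be empty; the item is chosen by object_id alone`. The same change in image.vuh lets `filename` be the empty string.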
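Review bot: The new denial path in the `else` branch answers with `ns_returnnotfound` and aborts without recording anything, so repeated probing of object ids leaves no trace in the server log. A line such as `ns_log Notice "file.vuh: read denied, object $object_id, user [ad_conn user_id]"` before the 404 would give operators something to alert on; `object_id` is digits only per the regexp, so it is safe to log. Replacing `permission::require_permission` with a 404 also presumably means a logged-out visitor is no longer sent to a login page, which deserves a comment such as `# answer 404 rather than a permission error so the object's existence is not disclosed`. Both points apply equally to the matching check in the private branch above, and the enclosing if/else begins outside the hunk.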
@@ -6,7 +6,7 @@ # @creation-date 2006-08-01 # @cvs-id $Id$ set url [ad_conn path_info] -if {![regexp {^/([0-9]{1,8})(/(|thumbnail|info))?(/(private)/([0-9]{1,8}))?(/(.+))?$} $url match object_id extra_arg_slash extra_arg private_slash private private_parent_id filename_slash filename anchor]} { +if {![regexp {^/([0-9]{1,8})(/(|thumbnail|info))?(/(private)/([0-9]{1,8}))?(/(.*))?$} $url match object_id extra_arg_slash extra_arg private_slash private private_parent_id filename_slash filename anchor]} { ad_return_warning "Invalid object id" [subst { The identifier given for this object (${object_id}) is invalid. Please check your url or contact the webmaster if you think it should work.
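Review bot: The failure branch interpolates `${object_id}` inside `subst`, but Tcl's `regexp` does not assign its match variables when the pattern fails. Unless `object_id` is set earlier in image.vuh (not visible in this hunk), the request would end in a "no such variable" error instead of the warning page. file.vuh's version of the message omits the variable, and doing the same here avoids the problem: `The identifier given for this object is invalid. Please check your url`. The body of the `if` continues outside the hunk.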