From 95b676c8deb2f92a84b40cff310f02c0b2453a5a Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Sat, 22 Oct 2011 13:32:15 +0900
Subject: [PATCH] Issue #1301814 by David_Rothstein: Fixed Comment module
 security fix from SA-CORE-2011-003 not yet applied to Drupal 8.

---
 modules/comment/comment.module |  6 +++++-
 modules/file/tests/file.test   | 13 +++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 1bdc57a7abed..ae9278ce98f7 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -2710,6 +2710,10 @@ function comment_rdf_mapping() {
  */
 function comment_file_download_access($field, $entity_type, $entity) {
   if ($entity_type == 'comment') {
-    return user_access('access comments') && $entity->status == COMMENT_PUBLISHED || user_access('administer comments');
+    if (user_access('access comments') && $entity->status == COMMENT_PUBLISHED || user_access('administer comments')) {
+      $node = node_load($entity->nid);
+      return node_access('view', $node);
+    }
+    return FALSE;
   }
 }
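Review bot: The condition on the new `if` line mixes `&&` and `||` without parentheses, so a reader has to rely on operator precedence to see that 'administer comments' bypasses the published-status check. Writing it as `if ((user_access('access comments') && $entity->status == COMMENT_PUBLISHED) || user_access('administer comments')) {` makes the grouping explicit in an access-control decision. The result also depends on `node_access('view', $node)` denying access when `node_load()` finds no node, for example for an orphaned comment. `node_access()` is not visible in this hunk, so either confirm that it fails closed or add `if (!$node) { return FALSE; }` before the call. A comment such as `// A comment's file is only downloadable when its parent node is viewable.` above the `node_load()` line would record why the node check exists.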
diff --git a/modules/file/tests/file.test b/modules/file/tests/file.test
index 5474774bbd4a..59f6e0cb0bc8 100644
--- a/modules/file/tests/file.test
+++ b/modules/file/tests/file.test
@@ -569,6 +569,7 @@ class FileFieldWidgetTestCase extends FileFieldTestCase {
       'title' => $this->randomName(),
     );
     $this->drupalPost('node/add/article', $edit, t('Save'));
+    $node = $this->drupalGetNodeByTitle($edit['title']);
 
     // Add a comment with a file.
     $text_file = $this->getTestFile('text');
@@ -598,6 +599,18 @@ class FileFieldWidgetTestCase extends FileFieldTestCase {
     $this->drupalLogout();
     $this->drupalGet(file_create_url($comment_file->uri));
     $this->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));
+
+    // Unpublishes node.
+    $this->drupalLogin($this->admin_user);
+    $edit = array(
+      'status' => FALSE,
+    );
+    $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
+
+    // Ensures normal user can no longer download the file.
+    $this->drupalLogin($user);
+    $this->drupalGet(file_create_url($comment_file->uri));
+    $this->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));
   }
 
 }
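Review bot: The final `assertResponse(403, ...)` reuses the message from the logged-out check a few lines earlier ("...without the needed permission"), but here the user has the permission and the denial comes from the unpublished parent node. A distinct message, e.g. `$this->assertResponse(403, t('Confirmed that access is denied for the file when the parent node is unpublished.'));`, would let a failure be traced to the node-access path this commit adds. `$user` and the start of the test method are outside the hunk, so this assumes `$user` is the non-admin account that could download the file while the node was published. If no earlier assertion covers that 200 case for `$user`, one is needed so the 403 demonstrably results from unpublishing.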
-- 
GitLab