? modules/blogapi/blogapi56.test
? modules/blogapi/blogapi56.txt
? modules/simpletest/variable-profile-279455-1.patch
Index: modules/upload/upload.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/upload/upload.module,v
retrieving revision 1.210
diff -u -p -r1.210 upload.module
--- modules/upload/upload.module	9 Oct 2008 15:15:54 -0000	1.210
+++ modules/upload/upload.module	10 Oct 2008 01:22:38 -0000
@@ -154,15 +154,17 @@ function _upload_file_limits($user) {
  */
 function upload_file_download($filepath) {
   $filepath = file_create_path($filepath);
-  $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
+  $result = db_query("SELECT f.*, u.nid FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
   if ($file = db_fetch_object($result)) {
-    if (!user_access('view uploaded files')) {
+    if (user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
+      return array(
+        'Content-Type: ' . $file->filemime,
+        'Content-Length: ' . $file->filesize,
+      );
+    }
+    else {
       return -1;
     }
-    return array(
-      'Content-Type: ' . $file->filemime,
-      'Content-Length: ' . $file->filesize,
-    );
   }
 }