Permission checks in dload.php were not broad enough. We were only checking permissions and privileges on the category of the download. We should have been doing a global check (e.g., permission to the module as a whole was denied).
This resolution does not fix issues with dload.php bypassing .htaccess files or redirects; I will consider those a separate issue.
1 guest and 0 members have recently viewed this.
Leader-board Top Weekly Earners
The top 2 point earners from 19th Apr 2026 to 26th Apr 2026.
System message - Issue updated
Also, Apache redirects do not affect dload.php.
Also, .htaccess does not affect dload.php.
Also, the permissions tree editor does not affect dload.php.
Something is FUNDAMENTALLY BROKEN.
System message - Issue updated
Permission checks in dload.php were not broad enough. We were only checking permissions and privileges on the category of the download. We should have been doing a global check (e.g., permission to the module as a whole was denied).
This resolution does not fix issues with dload.php bypassing .htaccess files or redirects; I will consider those a separate issue.