From 27ccbf1f6ffcd071a8a7f62e99e122c4a1c4dd35 Mon Sep 17 00:00:00 2001
From: Gerhard Killesreiter
Date: Thu, 30 Mar 2006 17:45:32 +0000
Subject: [PATCH] #55520, improved docs, patch by dopry
---
 includes/file.inc | 13 +++----------
 modules/upload.module | 3 +--
 modules/upload/upload.module | 3 +--
 3 files changed, 5 insertions(+), 14 deletions(-)
diff --git a/includes/file.inc b/includes/file.inc
index 2c3e8a5ecf2..1c79f9e8296 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -27,11 +27,7 @@ define('FILE_EXISTS_ERROR', 2);
 * @return A string containing a URL that can be used to download the file.
 */
 function file_create_url($path) {
- // strip file_directory_paths from url if present. Prevent ugly and filesystem revealing
- // urls like http://example.com/system/files/../../../home/gatsby/private/files
- // I think it also keep absolute file_directory_paths working since they would get broken if
- // we tried to pass them in the url.
-
+ // Strip file_directory_path from $path. We only include relative paths in urls.
 if (strpos($path, file_directory_path()) !== false) {
 $path = trim(substr($path, strlen(file_directory_path())), '\\/');
 }
@@ -578,14 +574,11 @@ function file_transfer($source, $headers) {
 */
 function file_download() {
- //use the remainder of the path to get the file.
- //enables 4.7 clean private files paths.
+ // Merge remainder of arguments from GET['q'], into relative file path.
 $args = func_get_args();
 $filepath = implode('/', $args);
- // add the ?file= if it is present. Otherwise we
- // break all old nodes with private files displayed
- // inline.
+ // Maintain compatability with old ?file=paths saved in node bodies.
 if (isset($_GET['file'])) {
 $filepath = $_GET['file'];
 }
diff --git a/modules/upload.module b/modules/upload.module
index 75fc07fa2f8..46d582400d4 100644
--- a/modules/upload.module
+++ b/modules/upload.module
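Review bot: The guard under the rewritten comment in file_create_url, `strpos($path, file_directory_path()) !== false`, matches the directory anywhere in `$path`, but the `substr()` on the next line always cuts `strlen(file_directory_path())` characters from the front, so a path that only contains the directory further in loses an unrelated prefix. Anchoring the test, `if (strpos($path, file_directory_path()) === 0) {`, makes the code do what the new comment says. The same pair of lines sits under the reworded comment in upload_menu() in modules/upload.module and modules/upload/upload.module. The removed comment also recorded why the prefix is stripped (URLs with `../` segments that expose the filesystem layout); I would keep that reason, e.g. `// Strip file_directory_path from $path so URLs carry only relative paths and do not reveal the filesystem layout.` file_create_url's body continues outside the hunk.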
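Review bot: The new comment above `if (isset($_GET['file']))` in file_download presents the branch as backward compatibility only and does not say that a request-supplied `file` value replaces the path built from the menu arguments. Nothing in the visible lines normalises `$filepath` or confines it to the files directory, so the comment should name that dependency, for example `// Legacy ?file= links: $_GET['file'] is untrusted and overrides the path above; it must resolve inside file_directory_path() before use.` Whether a later check does this cannot be seen here, since file_download's body continues past the hunk. The added line also misspells "compatibility" as "compatability".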
@@ -80,8 +80,7 @@ function upload_menu($may_cache) {
 foreach ($_SESSION['file_previews'] as $fid => $file) {
 $filename = file_create_filename($file->filename, file_create_path());
 if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PRIVATE) {
- // strip file_directory_path() from filepath
- // to hide relative paths in url. see file_create_url
+ // strip file_directory_path() from filename. @see file_create_url
 if (strpos($filename, file_directory_path()) !== false) {
 $filename = trim(substr($filename, strlen(file_directory_path())), '\\/');
 }
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 75fc07fa2f8..46d582400d4 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -80,8 +80,7 @@ function upload_menu($may_cache) {
 foreach ($_SESSION['file_previews'] as $fid => $file) {
 $filename = file_create_filename($file->filename, file_create_path());
 if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PRIVATE) {
- // strip file_directory_path() from filepath
- // to hide relative paths in url. see file_create_url
+ // strip file_directory_path() from filename. @see file_create_url
 if (strpos($filename, file_directory_path()) !== false) {
 $filename = trim(substr($filename, strlen(file_directory_path())), '\\/');
 }
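Review bot: The reworded comment in upload_menu starts in lower case and puts an `@see` tag inside a plain `//` comment, where a documentation generator that only reads docblocks will presumably not pick it up; the comments added to includes/file.inc in the same commit are written as capitalised sentences. I would write it as `// Strip file_directory_path() from the filename; see file_create_url().` The identical hunk in modules/upload/upload.module needs the same wording, and upload_menu's body starts and ends outside both hunks.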