Bypass Download Limit Bug

[elbeer]

This is quite a pain of a bug. If a user opens up a list of downloads e.g. from http://mydomain.com/index.php?action=downloads;cat=5

And say 10 downloads are listed. If they right click each page for the download and open them up in separate tabs they will have 10 pages open with 10 different downloads.

Even though I have a download limit per day set in admin - they can simply press download on each of the open tabs and gain access to each download bypassing any limits I have set.

I have locked down the template but there needs to be some sort of check from downloads2.php prior to releasing the download. e.g. on click of the link check the download count before going on to reveal the download.

[SMFHacks]

Even though I have a download limit per day set in admin - they can simply press download on each of the open tabs and gain access to each download bypassing any limits I have set.

I don't see how that is possible.... I looked at the code it calls the Downloads_DownloadFile file in Downloads2.php and that handles all the checks before the file can be downloaded.

[elbeer]

The checks are done when you open the download page. So if you open 20 download pages and dont actually download anything until all 20 tabs are open you can download as many files as you like.

[SMFHacks]

But you shouldn't be able to download the files though... You might be able to open the pages to view download page but not actually download the files.

[elbeer]

But you can. If you open the download page without actually clicking download the link is rendered but is not counted. If you open up multiple pages where the links are rendered you can then download each file without checking the amount of downloads.