Guard reparent/rearrange against bad values in source_id. Fixes #1843.

author: Bharat Mediratta <bharat@menalto.com> 2012-04-30 15:04:45 -0700
committer: Bharat Mediratta <bharat@menalto.com> 2012-04-30 15:04:45 -0700
commit: f488384a7b56b1e9511fa23d3ac359de64901213 (patch)
tree: bc99b24ae78db01c09bd15ab055d4a8e69e00b0d
parent: b47f56c6a9ea7686a3d7ecf0fd9d981fa3871ccc (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 5a2c3e4f..048f6fc3 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -81,6 +81,9 @@ class Organize_Controller extends Controller {
 
     foreach (explode(",", $input->post("source_ids")) as $source_id) {
       $source = ORM::factory("item", $source_id);
+      if (!$source->loaded()) {
+        continue;
+      }
       access::required("edit", $source->parent());
 
       if ($source->contains($new_parent) || $source->id == $new_parent->id) {
@@ -116,6 +119,11 @@ class Organize_Controller extends Controller {
 
     $input = Input::instance();
     $target = ORM::factory("item", $input->post("target_id"));
+    if (!$target->loaded()) {
+      json::reply(null);
+      return;
+    }
+
     $album = $target->parent();
     access::required("edit", $album);
author	Bharat Mediratta <bharat@menalto.com>	2012-04-30 15:04:45 -0700
committer	Bharat Mediratta <bharat@menalto.com>	2012-04-30 15:04:45 -0700
commit	f488384a7b56b1e9511fa23d3ac359de64901213 (patch)
tree	bc99b24ae78db01c09bd15ab055d4a8e69e00b0d
parent	b47f56c6a9ea7686a3d7ecf0fd9d981fa3871ccc (diff)