Merge branch 'master' of git@github.com:gallery/gallery3

author: andyst <andy.st@gmail.com> 2009-06-01 23:45:37 -0700
committer: andyst <andy.st@gmail.com> 2009-06-01 23:45:37 -0700
commit: 02a840c84cada5a1c0cc0768f350424460310e5d (patch)
tree: 6a35d4afddcf291327a4ff42245bca17328084ae /modules/gallery/controllers/photos.php
parent: d0845aadc629cf10b8eee490a651c039750a1430 (diff)
parent: 3b6567f38c206f1302c7b22d94d5eae4b458311a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 5d4040cf..2de51bc7 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -62,10 +62,13 @@ class Photos_Controller extends Items_Controller {
     print $template;
   }
 
+
   /**
    * @see REST_Controller::_update($resource)
    */
   public function _update($photo) {
+    access::verify_csrf();
+    access::required("view", $photo);
     access::required("edit", $photo);
 
     $form = photo::get_edit_form($photo);
@@ -110,7 +113,9 @@ class Photos_Controller extends Items_Controller {
    *  @see REST_Controller::_form_edit($resource)
    */
   public function _form_edit($photo) {
+    access::required("view", $photo);
     access::required("edit", $photo);
+
     print photo::get_edit_form($photo);
   }
 }
author	andyst <andy.st@gmail.com>	2009-06-01 23:45:37 -0700
committer	andyst <andy.st@gmail.com>	2009-06-01 23:45:37 -0700
commit	02a840c84cada5a1c0cc0768f350424460310e5d (patch)
tree	6a35d4afddcf291327a4ff42245bca17328084ae /modules/gallery/controllers/photos.php
parent	d0845aadc629cf10b8eee490a651c039750a1430 (diff)
parent	3b6567f38c206f1302c7b22d94d5eae4b458311a (diff)