diff options
| author | Chad Kieffer <ckieffer@gmail.com> | 2009-06-02 22:55:23 -0600 |
|---|---|---|
| committer | Chad Kieffer <ckieffer@gmail.com> | 2009-06-02 22:55:23 -0600 |
| commit | 1df6db45dc569cc6f18a9d1622fce5ebe62f8d30 (patch) | |
| tree | e4e8cac619bc2443c3e26d0f87a25c51f8a3b273 /modules/gallery/controllers/photos.php | |
| parent | 2bd8051c28621f6c25a3f85b73da2f94d62440f2 (diff) | |
| parent | dde5fb96ee9db5a67b286ea4ac4f35190453a6ef (diff) | |
Merge branch 'master' of git@github.com:gallery/gallery3
Diffstat (limited to 'modules/gallery/controllers/photos.php')
| -rw-r--r-- | modules/gallery/controllers/photos.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 5d4040cf..2de51bc7 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -62,10 +62,13 @@ class Photos_Controller extends Items_Controller { print $template; } + /** * @see REST_Controller::_update($resource) */ public function _update($photo) { + access::verify_csrf(); + access::required("view", $photo); access::required("edit", $photo); $form = photo::get_edit_form($photo); @@ -110,7 +113,9 @@ class Photos_Controller extends Items_Controller { * @see REST_Controller::_form_edit($resource) */ public function _form_edit($photo) { + access::required("view", $photo); access::required("edit", $photo); + print photo::get_edit_form($photo); } } |