diff options
| author | andyst <andy.st@gmail.com> | 2009-06-01 23:45:37 -0700 |
|---|---|---|
| committer | andyst <andy.st@gmail.com> | 2009-06-01 23:45:37 -0700 |
| commit | 02a840c84cada5a1c0cc0768f350424460310e5d (patch) | |
| tree | 6a35d4afddcf291327a4ff42245bca17328084ae /modules/organize/helpers/organize.php | |
| parent | d0845aadc629cf10b8eee490a651c039750a1430 (diff) | |
| parent | 3b6567f38c206f1302c7b22d94d5eae4b458311a (diff) | |
Merge branch 'master' of git@github.com:gallery/gallery3
Diffstat (limited to 'modules/organize/helpers/organize.php')
| -rw-r--r-- | modules/organize/helpers/organize.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/organize/helpers/organize.php b/modules/organize/helpers/organize.php index 3a207c95..9bf4e986 100644 --- a/modules/organize/helpers/organize.php +++ b/modules/organize/helpers/organize.php @@ -66,6 +66,14 @@ class organize_Core { $tagPane->hidden("item")->value(implode("|", $itemids)); $item_count = count($itemids); $ids = implode(", ", $itemids); + + // Lame stopgap security check. This code is going to get rewritten anyway. + foreach ($itemids as $id) { + $item = ORM::factory("item", $id); + access::required("view", $item); + access::required("edit", $item); + } + $tags = Database::instance()->query( "SELECT t.name, COUNT(it.item_id) as count FROM {items_tags} it, {tags} t |