diff options
| author | Chad Kieffer <ckieffer@gmail.com> | 2009-06-02 22:55:23 -0600 |
|---|---|---|
| committer | Chad Kieffer <ckieffer@gmail.com> | 2009-06-02 22:55:23 -0600 |
| commit | 1df6db45dc569cc6f18a9d1622fce5ebe62f8d30 (patch) | |
| tree | e4e8cac619bc2443c3e26d0f87a25c51f8a3b273 /modules/organize/helpers/organize.php | |
| parent | 2bd8051c28621f6c25a3f85b73da2f94d62440f2 (diff) | |
| parent | dde5fb96ee9db5a67b286ea4ac4f35190453a6ef (diff) | |
Merge branch 'master' of git@github.com:gallery/gallery3
Diffstat (limited to 'modules/organize/helpers/organize.php')
| -rw-r--r-- | modules/organize/helpers/organize.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/organize/helpers/organize.php b/modules/organize/helpers/organize.php index 3a207c95..9bf4e986 100644 --- a/modules/organize/helpers/organize.php +++ b/modules/organize/helpers/organize.php @@ -66,6 +66,14 @@ class organize_Core { $tagPane->hidden("item")->value(implode("|", $itemids)); $item_count = count($itemids); $ids = implode(", ", $itemids); + + // Lame stopgap security check. This code is going to get rewritten anyway. + foreach ($itemids as $id) { + $item = ORM::factory("item", $id); + access::required("view", $item); + access::required("edit", $item); + } + $tags = Database::instance()->query( "SELECT t.name, COUNT(it.item_id) as count FROM {items_tags} it, {tags} t |