diff options
Diffstat (limited to 'core/controllers/file_proxy.php')
| -rw-r--r-- | core/controllers/file_proxy.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/controllers/file_proxy.php b/core/controllers/file_proxy.php index 30117f07..3cf915a6 100644 --- a/core/controllers/file_proxy.php +++ b/core/controllers/file_proxy.php @@ -95,6 +95,11 @@ class File_Proxy_Controller extends Controller { kohana::show_404(); } + // Make sure we have view_full access to the original + if ($type == "albums" && !access::can("view_full", $item)) { + kohana::show_404(); + } + // Don't try to load a directory if ($type == "albums" && $item->is_album()) { kohana::show_404(); |