From 7608870537503ec571f45a175c8486d7945e7c63 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Tue, 15 Sep 2009 22:51:49 -0700
Subject: Controller auth / CSRF fixes

---
 modules/tag/controllers/tags.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/tag/controllers')

diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index f4f98090..b9f2c61c 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
@@ -44,7 +44,8 @@ class Tags_Controller extends REST_Controller {
 
   public function _index() {
     // Far from perfection, but at least require view permission for the root album
-    access::required("view", 1);
+    $album = ORM::factory("item", 1);
+    access::required("view", $album);
     print tag::cloud(30);
   }
 
-- 
cgit v1.2.3