summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorShad Laws <shad@shadlaws.com>2013-06-11 22:33:50 -0700
committerShad Laws <shad@shadlaws.com>2013-06-11 22:33:50 -0700
commitb024c07036b53b61a73c255447333686585315f5 (patch)
tree870d2fafe600b09cfb000161bc512fca2f48f36d
parent53d3fa81252f1c033cb3c462b1714865088139cb (diff)
parent3c100d06ff10d12b1b6b960ba52c5206bac855c4 (diff)
Merge pull request #396 from shadlaws/fix_2074_master
#2074 - Mirror some additional file_proxy checks in data_rest.
-rw-r--r--modules/gallery/helpers/data_rest.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/modules/gallery/helpers/data_rest.php b/modules/gallery/helpers/data_rest.php
index d4f456d7..a0a225f9 100644
--- a/modules/gallery/helpers/data_rest.php
+++ b/modules/gallery/helpers/data_rest.php
@@ -25,7 +25,6 @@
class data_rest_Core {
static function get($request) {
$item = rest::resolve($request->url);
- access::required("view", $item);
$p = $request->params;
if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
@@ -36,10 +35,16 @@ class data_rest_Core {
// see if you should make the same change there as well.
if ($p->size == "full") {
+ if ($item->is_album()) {
+ throw new Kohana_404_Exception();
+ }
+ access::required("view_full", $item);
$file = $item->file_path();
} else if ($p->size == "resize") {
+ access::required("view", $item);
$file = $item->resize_path();
} else {
+ access::required("view", $item);
$file = $item->thumb_path();
}