From b1c58f59cacb65c819b4234d19a9568f0a66029b Mon Sep 17 00:00:00 2001
From: rvelices <rv-github@modusoptimus.com>
Date: Fri, 9 Mar 2012 06:04:55 +0000
Subject: fix action.php permissions checking when original is small

git-svn-id: http://piwigo.org/svn/trunk@13523 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 action.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'action.php')

diff --git a/action.php b/action.php
index fb2287ac3..485457642 100644
--- a/action.php
+++ b/action.php
@@ -103,9 +103,13 @@ $file='';
 switch ($_GET['part'])
 {
   case 'e':
-    if ( $user['enabled_high']!='true' )
+    if ( !$user['enabled_high'] )
     {
-      do_error(401, 'Access denied e');
+      $deriv = new DerivativeImage(IMG_XXLARGE, new SrcImage($element_info));
+      if ( !$deriv->same_as_source() )
+      {
+        do_error(401, 'Access denied e');
+      }
     }
     $file = get_element_path($element_info);
     break;
-- 
cgit v1.2.3