aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2012-03-09 06:04:55 +0000
committerrvelices <rv-github@modusoptimus.com>2012-03-09 06:04:55 +0000
commitb1c58f59cacb65c819b4234d19a9568f0a66029b (patch)
treedf2e0ad60d17eff97c95809dd435290588cbe4f7
parent1fe2f42fa84c812f7fbca4cf070290eafb9f63ae (diff)
fix action.php permissions checking when original is small
git-svn-id: http://piwigo.org/svn/trunk@13523 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--action.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/action.php b/action.php
index fb2287ac3..485457642 100644
--- a/action.php
+++ b/action.php
@@ -103,9 +103,13 @@ $file='';
switch ($_GET['part'])
{
case 'e':
- if ( $user['enabled_high']!='true' )
+ if ( !$user['enabled_high'] )
{
- do_error(401, 'Access denied e');
+ $deriv = new DerivativeImage(IMG_XXLARGE, new SrcImage($element_info));
+ if ( !$deriv->same_as_source() )
+ {
+ do_error(401, 'Access denied e');
+ }
}
$file = get_element_path($element_info);
break;