diff options
| author | rvelices <rv-github@modusoptimus.com> | 2012-03-09 06:04:55 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2012-03-09 06:04:55 +0000 |
| commit | b1c58f59cacb65c819b4234d19a9568f0a66029b (patch) | |
| tree | df2e0ad60d17eff97c95809dd435290588cbe4f7 /action.php | |
| parent | 1fe2f42fa84c812f7fbca4cf070290eafb9f63ae (diff) | |
fix action.php permissions checking when original is small
git-svn-id: http://piwigo.org/svn/trunk@13523 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
| -rw-r--r-- | action.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/action.php b/action.php index fb2287ac3..485457642 100644 --- a/action.php +++ b/action.php @@ -103,9 +103,13 @@ $file=''; switch ($_GET['part']) { case 'e': - if ( $user['enabled_high']!='true' ) + if ( !$user['enabled_high'] ) { - do_error(401, 'Access denied e'); + $deriv = new DerivativeImage(IMG_XXLARGE, new SrcImage($element_info)); + if ( !$deriv->same_as_source() ) + { + do_error(401, 'Access denied e'); + } } $file = get_element_path($element_info); break; |