mirror
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed.git
1
0
Fork 1
Code Issues Releases Wiki Activity

Update InternalApiController

This commit is contained in:
Daniel Supernault 2019-03-25 20:39:34 -06:00
parent a760d66931
commit 1e75b1688d
No known key found for this signature in database
GPG Key ID: 0DEF1C662C9033F7
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Http/Controllers/InternalApiController.php
View File

@ -392,7 +392,7 @@ class InternalApiController extends Controller
'media.*.filter_class' => 'nullable|alpha_dash|max:30',
'media.*.license' => 'nullable|string|max:80',
'cw' => 'nullable|boolean',
'visibility' => 'required|string|in:public,private|min:2|max:10'
'visibility' => 'required|string|in:public,private,unlisted|min:2|max:10'
]);
$profile = Auth::user()->profile;
@ -404,6 +404,9 @@ class InternalApiController extends Controller
$cw = $request->input('cw');
foreach($medias as $k => $media) {
if($k + 1 > config('pixelfed.max_album_length')) {
continue;
}
$m = Media::findOrFail($media['id']);
if($m->profile_id !== $profile->id || $m->status_id) {
abort(403, 'Invalid media id');