(chore): play it safe, ensure carousel file passes through ACL

4d365c9d · Mark Harding · 9dd4f372 · 4d365c9d
Commit 4d365c9d authored 2 hours ago by Mark Harding
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

channel.php Controllers/api/v1/channel.php +1 -1

No files found.
--- a/Controllers/api/v1/channel.php
+++ b/Controllers/api/v1/channel.php
@@ -190,7 +190,7 @@ class channel implements Interfaces\Api
 'src'=> Core\Config::build()->cdn_url . "fs/v1/banners/$item->guid/fat/$item->last_updated" 
 ); 
 
- if (is_uploaded_file($_FILES['file']['tmp_name'])) { 
+ if ($item->canEdit() && is_uploaded_file($_FILES['file']['tmp_name'])) { 
 $manager->setImage($_FILES['file']['tmp_name']) 
 ->autorotate() 
 ->resize(2000, 10000);