From 1eb4aecad7821a34bd075b5a08c659ece4ef99b0 Mon Sep 17 00:00:00 2001
From: Sean Harvey <sean@silverstripe.com>
Date: Wed, 18 Mar 2009 03:54:12 +0000
Subject: [PATCH] BUGFIX Fixed too strict permission checking on
 Image::$allowed_actions. Replaced broken * permission check with explicit
 method names

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.2@73302 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 core/model/Image.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/model/Image.php b/core/model/Image.php
index 66d677ad4..8c84090b1 100755
--- a/core/model/Image.php
+++ b/core/model/Image.php
@@ -436,7 +436,10 @@ class Image_Saver extends DBField {
 class Image_Uploader extends Controller {
 	
 	static $allowed_actions = array(
-		'*' => 'CMS_ACCESS_CMSMain'
+		'iframe' => 'CMS_ACCESS_CMSMain',
+		'flush' => 'CMS_ACCESS_CMSMain',
+		'save' => 'CMS_ACCESS_CMSMain',
+		'delete' => 'CMS_ACCESS_CMSMain'
 	);
 	
 	/**