BUGFIX Fixed too strict permission checking on Image::$allowed_actions. Replaced broken * permission check with explicit method names

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.2@73302 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2009-03-18 03:54:12 +00:00 · 2009-03-18 03:54:12 +00:00 · 1eb4aecad7
commit 1eb4aecad7
parent b5302a0f9d
1 changed files with 4 additions and 1 deletions
--- a/core/model/Image.php
+++ b/core/model/Image.php
@ -436,7 +436,10 @@ class Image_Saver extends DBField {
 class Image_Uploader extends Controller {
 	
 	static $allowed_actions = array(
-		'*' => 'CMS_ACCESS_CMSMain'
+		'iframe' => 'CMS_ACCESS_CMSMain',
+		'flush' => 'CMS_ACCESS_CMSMain',
+		'save' => 'CMS_ACCESS_CMSMain',
+		'delete' => 'CMS_ACCESS_CMSMain'
 	);
 	
 	/**