From d2ee619caa78f2ec04c14b5b7c482bcbac6e4f98 Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Wed, 30 Jan 2008 04:29:23 +0000
Subject: [PATCH] locking down URLs: image/iframe, image/flush, image/transferlegacycontent
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@48828 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 core/model/Image.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/core/model/Image.php b/core/model/Image.php
index 0c33eaa21..cf3d3ebaa 100755
--- a/core/model/Image.php
+++ b/core/model/Image.php
@@ -433,6 +433,8 @@ class Image_Uploader extends Controller {
 * Ensures the css is loaded for the iframe.
 */
 function iframe() {
+ if(!Permission::check('ADMIN')) Security::permissionFailure($this);
+
 Requirements::css("cms/css/Image_iframe.css");
 return array();
 }
@@ -711,6 +713,8 @@ class Image_Uploader extends Controller {
 * Flush all of the generated images.
 */
 function flush() {
+ if(!Permission::check('ADMIN')) Security::permissionFailure($this);
+
 $images = DataObject::get("Image","");
 $numItems = 0;
 $num = 0;
@@ -731,6 +735,8 @@ class Image_Uploader extends Controller {
 * @deprecated This function is only used to migrate content from old databases.
 */
 function transferlegacycontent() {
+ if(!Permission::check('ADMIN')) Security::permissionFailure($this);
+
 $images = DB::query("SELECT * FROM _obsolete_Image");
 echo "
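Review bot: The guard added at the top of iframe() calls Security::permissionFailure($this) but does not return, so the check fails open unless that helper ends the request itself, and its body is not part of this patch. If it only records the failure and queues a redirect, a non-admin request carries on into the action. The identical line is added to flush() and transferlegacycontent() in the two later hunks, where falling through would still clear the generated images or run the legacy migration and echo its output. Returning the helper's result makes all three fail closed: `if(!Permission::check('ADMIN')) return Security::permissionFailure($this);`.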
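Review bot: flush() changes server state, and the subject line names it as a URL (image/flush), so the ADMIN check on its first line says who may call it but not that the administrator meant to. A request issued through an already logged-in admin session from another page would pass `Permission::check('ADMIN')`. Consider also requiring a POST that carries a per-session token before the loop runs, and recording the requirement in the docblock, e.g. `* Requires ADMIN; state-changing, must not be reachable through a plain GET link.` The body of flush() continues past the end of the hunk, so a check further down cannot be ruled out from here.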

Transferring images

"; foreach($images as $image) {