Add missing access check in WoltLabSuiteMediaBBCode

diff --git a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
index 257d59439e248abf67a6e4024b8214c565726fd0..e8f7270a6f4ee548bcd8132190315c29f9fb436b 100644 (file)
--- a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
@@ -27,7 +27,7 @@ class WoltLabSuiteMediaBBCode extends AbstractBBCode {
                /** @var Media $media */
                $media = MessageEmbeddedObjectManager::getInstance()->getObject('com.woltlab.wcf.media', $mediaID);
                
-               if ($media !== null) {
+               if ($media !== null && $media->isAccessible()) {
                        if ($media->isImage) {
                                $thumbnailSize = (!empty($openingTag['attributes'][1])) ? $openingTag['attributes'][1] : 'original';
                                $float = (!empty($openingTag['attributes'][2])) ? $openingTag['attributes'][2] : 'none';