From: Matthias Schmidt <gravatronics@live.com>
Date: Sun, 11 Sep 2016 13:23:31 +0000 (+0200)
Subject: Add missing access check in WoltLabSuiteMediaBBCode
X-Git-Tag: 3.0.0_Beta_1~211
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3e6eba080eade38035106b0aa23b974a0c161e6b;p=GitHub%2FWoltLab%2FWCF.git

Add missing access check in WoltLabSuiteMediaBBCode
---

diff --git a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
index 257d59439e..e8f7270a6f 100644
--- a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
@@ -27,7 +27,7 @@ class WoltLabSuiteMediaBBCode extends AbstractBBCode {
 		/** @var Media $media */
 		$media = MessageEmbeddedObjectManager::getInstance()->getObject('com.woltlab.wcf.media', $mediaID);
 		
-		if ($media !== null) {
+		if ($media !== null && $media->isAccessible()) {
 			if ($media->isImage) {
 				$thumbnailSize = (!empty($openingTag['attributes'][1])) ? $openingTag['attributes'][1] : 'original';
 				$float = (!empty($openingTag['attributes'][2])) ? $openingTag['attributes'][2] : 'none';