From 3e6eba080eade38035106b0aa23b974a0c161e6b Mon Sep 17 00:00:00 2001
From: Matthias Schmidt <gravatronics@live.com>
Date: Sun, 11 Sep 2016 15:23:31 +0200
Subject: [PATCH] Add missing access check in WoltLabSuiteMediaBBCode

---
 .../files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
index 257d59439e..e8f7270a6f 100644
--- a/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/WoltLabSuiteMediaBBCode.class.php
@@ -27,7 +27,7 @@ class WoltLabSuiteMediaBBCode extends AbstractBBCode {
 		/** @var Media $media */
 		$media = MessageEmbeddedObjectManager::getInstance()->getObject('com.woltlab.wcf.media', $mediaID);
 		
-		if ($media !== null) {
+		if ($media !== null && $media->isAccessible()) {
 			if ($media->isImage) {
 				$thumbnailSize = (!empty($openingTag['attributes'][1])) ? $openingTag['attributes'][1] : 'original';
 				$float = (!empty($openingTag['attributes'][2])) ? $openingTag['attributes'][2] : 'none';
-- 
2.20.1