From 826a6ae1093d4c672078e45c9d2f20b5cbb12fa8 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Wed, 24 Feb 2021 10:23:01 +0100
Subject: [PATCH] add check_view_access
---
 out/out.RemoveFolder.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/out/out.RemoveFolder.php b/out/out.RemoveFolder.php
index 4c912b958..df96fc2b4 100644
--- a/out/out.RemoveFolder.php
+++ b/out/out.RemoveFolder.php
@@ -43,6 +43,10 @@ if (!is_object($folder)) {
 UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
 }
 
+if (!$accessop->check_view_access($view, $_GET)) {
+ UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
+}
+
 if ($folder->getID() == $settings->_rootFolderID || !$folder->getParent()) {
 UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("cannot_rm_root"));
 }
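Review bot: The new denial branch puts `$folder->getName()` into the error title, so a user who fails `check_view_access` still learns the name of any folder whose ID they supply, and the different message separates existing IDs from invalid ones. Because the check takes only `$view` and `$_GET`, it looks as if it could run before the folder lookup; alternatively the branch could use a generic title as the invalid-ID branch above does: `UI::exitError(getMLText("folder_title", array("foldername" => getMLText("access_denied"))),getMLText("access_denied"));`. `$accessop` and `$view` are assigned outside the hunk, so whether both are initialised at this point cannot be confirmed from here. If this script only renders the confirmation form, the handler that actually performs the removal is not part of this patch and needs its own server-side authorization check.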