From e1c04facdbad4b20e53dc7b53047d4011b37ba1f Mon Sep 17 00:00:00 2001
From: pachuco
Date: Sun, 24 Jun 2012 23:21:22 +0300
Subject: [PATCH] Users with insufficient privileges are now unable to use oekaki.
---
 ext/oekaki/main.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/ext/oekaki/main.php b/ext/oekaki/main.php
index 49e1e2cc..02633f99 100644
--- a/ext/oekaki/main.php
+++ b/ext/oekaki/main.php
@@ -10,12 +10,10 @@ class Oekaki extends Extension {
 global $user, $page;
 if($event->page_matches("oekaki")) {
- if(!$user->can("create_image")) {
- $this->theme->display_permission_denied();
- }
-
- if($event->get_arg(0) == "create") {
+ if($event->get_arg(0) == "create" and $user->can("create_image")){
 $this->theme->display_page();
+ }else{
+ $this->theme->display_permission_denied();
 }
 if($event->get_arg(0) == "upload") {
 // FIXME: this allows anyone to upload anything to /data ...
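Review bot: The `create_image` check is now attached only to the `create` branch, so the `upload` branch that follows shows no permission check of its own in the visible lines, and its FIXME already says anyone can upload to /data. A request with `get_arg(0) == "upload"` also falls into the new `else`, so it renders permission-denied even for a privileged user and then still enters the upload branch. Checking once at the top of the `page_matches("oekaki")` block and stopping there would gate both actions: `if(!$user->can("create_image")) { $this->theme->display_permission_denied(); return; }`, leaving `create` and `upload` as plain branches. The upload branch continues outside the hunk, so confirm whether a later check exists before relying on this one.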