3 files changed, 25 insertions, 3 deletions

diff --git a/include/widgets.php b/include/widgets.php
index fc6fee2ef..2b1fb2859 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -1238,6 +1238,23 @@ function widget_album($args) {
 	if($args['title'])
 		$title = $args['title'];
 
+	/** 
+	 * This may return incorrect permissions if you have multiple directories of the same name.
+	 * It is a limitation of the photo table using a name for a photo album instead of a folder hash
+	 */
+
+	if($album) {
+		$x = q("select hash from attach where filename = '%s' and uid = %d limit 1",
+			dbesc($album),
+			intval($owner_uid)
+		);
+		if($x) {
+			$y = attach_can_view_folder($owner_uid,get_observer_hash(),$x[0]['hash']);
+			if(! $y)
+				return '';
+		}
+	}
+
 	$order = 'DESC';
 
 	$r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN
diff --git a/mod/admin.php b/mod/admin.php
index a884b7658..3f1a69ca6 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -1042,7 +1042,12 @@ function admin_page_plugins(&$a){
 		}
 
 		$admin_form = '';
-		if (is_array($a->plugins_admin) && in_array($plugin, $a->plugins_admin)){
+
+		$r = q("select * from addon where plugin_admin = 1 and name = '%s' limit 1",
+			dbesc($plugin)
+		);
+
+		if($r) {
 			@require_once("addon/$plugin/$plugin.php");
 			if(function_exists($plugin.'_plugin_admin')) {
 				$func = $plugin.'_plugin_admin';
diff --git a/view/js/acl.js b/view/js/acl.js
index a0c1c6c02..ed8af478a 100644
--- a/view/js/acl.js
+++ b/view/js/acl.js
@@ -31,7 +31,7 @@ function ACL(backend_url, preset) {
 			$("#acl-search").keypress(that.on_search);
 
 			/* startup! */
-			that.get(0,1000);
+			that.get(0,15000);
 			that.on_submit();
 	});
 }
@@ -60,7 +60,7 @@ ACL.prototype.on_submit = function() {
 ACL.prototype.search = function() {
 	var srcstr = $("#acl-search").val();
 	that.list_content.html("");
-	that.get(0, 1000, srcstr);
+	that.get(0, 15000, srcstr);
 };
 
 ACL.prototype.on_search = function(event) {