From e7521c2cb484b409a1054c25ac05264835d74661 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Mon, 25 Mar 2019 20:40:34 -0600
Subject: [PATCH] Update InternalApiController

---
 app/Http/Controllers/InternalApiController.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/Http/Controllers/InternalApiController.php b/app/Http/Controllers/InternalApiController.php
index 6efcfabc7..4502fefe4 100644
--- a/app/Http/Controllers/InternalApiController.php
+++ b/app/Http/Controllers/InternalApiController.php
@@ -61,6 +61,9 @@ class InternalApiController extends Controller
         $cw = false;
 
         foreach($medias as $k => $media) {
+            if($k + 1 > config('pixelfed.max_album_length')) {
+                continue;
+            }
             $m = Media::findOrFail($media['id']);
             if($m->profile_id !== $profile->id || $m->status_id) {
                 abort(403, 'Invalid media id');