Diffstat (limited to 'classes/TidypicsAlbum.php')
-rw-r--r-- | classes/TidypicsAlbum.php | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/classes/TidypicsAlbum.php b/classes/TidypicsAlbum.php index ad1a357de..57bdcf707 100644 --- a/classes/TidypicsAlbum.php +++ b/classes/TidypicsAlbum.php @@ -206,8 +206,14 @@ class TidypicsAlbum extends ElggObject { } $list = unserialize($listString); + // if empty don't need to check the permissions. + if (!$list || $list[0] == '') { + return array(); + } + // check access levels $guidsString = implode(',', $list); + $options = array( 'wheres' => array("e.guid IN ($guidsString)"), 'order_by' => "FIELD(e.guid, $guidsString)", @@ -225,8 +231,15 @@ class TidypicsAlbum extends ElggObject { * @param array $list An indexed array of image guids */ public function setImageList($list) { + // validate data + foreach ($list as $guid) { + if (!filter_var($guid, FILTER_VALIDATE_INT)) { + return false; + } + } + $listString = serialize($list); - $this->orderedImages = $listString; + return $this->orderedImages = $listString; } /** |
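Review bot: The new guard in the first hunk only inspects `$list[0]`, so any other non-integer element of the unserialized list still reaches `implode()` and is interpolated into `e.guid IN ($guidsString)` and `FIELD(e.guid, $guidsString)`. The validation this commit adds to setImageList() does not cover values already stored in `orderedImages`, so the read side should normalise as well, e.g. `$list = is_array($list) ? array_filter(array_map('intval', $list)) : array();` followed by `if (!$list) { return array(); }`. That also replaces the loose `$list[0] == ''` comparison and handles the case where `unserialize()` returns something other than an array. Separately, `unserialize()` on the stored string can instantiate objects if that value is ever influenced by a user; a JSON or comma-separated encoding would avoid this, though that is a storage-format change beyond this hunk. The enclosing function starts and ends outside the hunk.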
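Review bot: In the second hunk setImageList() now returns `false` on invalid input but the serialized string on success, and the docblock above it has no `@return`, so callers get no clear contract and nothing visible here shows that they check the result. I would add `@return bool` to the docblock and end the method with `$this->orderedImages = $listString;` and `return true;`. The check also accepts negative numbers and whitespace-padded strings, and the list is serialized as given rather than as integers; `filter_var($guid, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))` together with serializing the validated integers would keep the stored list canonical, assuming guids are always positive. A non-array `$list` is not rejected before the `foreach`. The docblock begins outside the hunk.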