Diffstat (limited to 'classes')
-rw-r--r-- | classes/TidypicsAlbum.php | 15 | ||||
-rw-r--r-- | classes/TidypicsImage.php | 11 |
2 files changed, 24 insertions, 2 deletions
diff --git a/classes/TidypicsAlbum.php b/classes/TidypicsAlbum.php index ad1a357de..57bdcf707 100644 --- a/classes/TidypicsAlbum.php +++ b/classes/TidypicsAlbum.php @@ -206,8 +206,14 @@ class TidypicsAlbum extends ElggObject { } $list = unserialize($listString); + // if empty don't need to check the permissions. + if (!$list || $list[0] == '') { + return array(); + } + // check access levels $guidsString = implode(',', $list); + $options = array( 'wheres' => array("e.guid IN ($guidsString)"), 'order_by' => "FIELD(e.guid, $guidsString)", @@ -225,8 +231,15 @@ class TidypicsAlbum extends ElggObject { * @param array $list An indexed array of image guids */ public function setImageList($list) { + // validate data + foreach ($list as $guid) { + if (!filter_var($guid, FILTER_VALIDATE_INT)) { + return false; + } + } + $listString = serialize($list); - $this->orderedImages = $listString; + return $this->orderedImages = $listString; } /** diff --git a/classes/TidypicsImage.php b/classes/TidypicsImage.php index c0b5de723..26a3483a9 100644 --- a/classes/TidypicsImage.php +++ b/classes/TidypicsImage.php @@ -90,7 +90,11 @@ class TidypicsImage extends ElggFile { * @return string */ public function getTitle() { - return $this->title; + if ($this->title) { + return $this->title; + } else { + return $this->originalfilename; + } } /** @@ -244,6 +248,11 @@ class TidypicsImage extends ElggFile { trigger_error('Tidypics warning: image memory size too large for resizing so rejecting', E_USER_WARNING); throw new Exception(elgg_echo('tidypics:image_pixels')); } + + // make sure file fits quota + if (!tp_upload_check_quota($data['size'], elgg_get_logged_in_user_guid())) { + throw new Exception(elgg_echo('tidypics:cannot_upload_exceeds_quota')); + } } /** |
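Review bot: In the first TidypicsAlbum.php hunk, `$guidsString` is still built with `implode(',', $list)` straight from the unserialized value and interpolated into both the `IN (...)` clause and `FIELD(...)`, so the integer check added to `setImageList()` is the only thing keeping stored values out of the SQL text. Lists saved before this commit, or written to `orderedImages` by any other path, are not re-checked on read; casting at the point of use closes that gap: `$guidsString = implode(',', array_map('intval', $list));`. The new guard `$list[0] == ''` looks only at the first element and uses loose comparison, so an empty or non-numeric entry later in the list still reaches the query. The enclosing method starts above the hunk and continues below it.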
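Review bot: The loop added to `setImageList()` validates each `$guid` with `filter_var()` but then serializes the original `$list`, so what gets stored is the caller's input rather than the validated integers; `FILTER_VALIDATE_INT` also accepts negative numbers and surrounding whitespace. Keeping the filtered value, e.g. `$clean[] = (int) $guid;` inside the loop and `serialize($clean)` after it, makes the stored list canonical, and passing `array('options' => array('min_range' => 1))` would restrict it to plausible guids. The method now returns `false` on rejection and the serialized string otherwise, which the docblock does not mention; a line such as `@return string|false Serialized list, or false if a guid is not an integer` would tell callers to compare with `=== false`. The docblock begins outside the hunk.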
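Review bot: `getTitle()` now falls back to `originalfilename`, which appears to be the name supplied with the upload (its origin is not visible in this hunk), so whenever no title was set callers receive uploader-chosen text and must escape it at output exactly as they do the title. The truthiness test `if ($this->title)` also treats a title of `'0'` as missing. The docblock still says only `@return string`; a line such as `Falls back to the original file name when no title is set` would record the new behaviour.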
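Review bot: The new quota check is keyed to `elgg_get_logged_in_user_guid()`, which is 0 when the code runs without a session and may differ from the account that ends up owning the image, so the quota could be checked against the wrong user or no user at all. If the owner is already set when this validation runs, `tp_upload_check_quota($data['size'], $this->getOwnerGUID())` would tie the check to the account that is actually charged. The check and the later write are separate steps, so parallel uploads can each pass and together exceed the quota unless `tp_upload_check_quota()` or the save path accounts for that. The enclosing method starts outside the hunk, so where `$data['size']` comes from cannot be confirmed here; a comment stating that it is the server-measured size would help.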