From ebf0037df50822cffc3df77418dccce7d2df3409 Mon Sep 17 00:00:00 2001
From: Bobby Wibowo <bobbywibowo98@gmail.com>
Date: Sat, 16 May 2020 22:42:08 +0700
Subject: [PATCH] Disallow albumid keys on albums' uploads lists

---
 controllers/uploadController.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/controllers/uploadController.js b/controllers/uploadController.js
index dbe177c..cf1d73e 100644
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@@ -830,9 +830,12 @@ self.list = async (req, res) => {
   }
 
   if (filters) {
-    let keywords = [
-      'albumid'
-    ]
+    let keywords = []
+
+    if (req.params.id === undefined)
+      keywords = keywords.concat([
+        'albumid'
+      ])
 
     // Only allow filtering by 'ip' and 'user' keys when listing all uploads
     if (all)