aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-03-09 21:29:32 -0800
committerFriendika <info@friendika.com>2011-03-09 21:29:32 -0800
commit2270e73fcd231013929d5f9e7475fc8b0d872149 (patch)
tree3cf866f23791d7f9a974297cb68db081840a2fa9
parent35c3e12df53fc0584f1b5231ea6e73a177db3573 (diff)
downloadvolse-hubzilla-2270e73fcd231013929d5f9e7475fc8b0d872149.tar.gz
volse-hubzilla-2270e73fcd231013929d5f9e7475fc8b0d872149.tar.bz2
volse-hubzilla-2270e73fcd231013929d5f9e7475fc8b0d872149.zip
show permission denied photo when direct link was accessed and authentication is insufficient to view
-rw-r--r--images/nosign.jpgbin0 -> 6498 bytes
-rw-r--r--mod/photo.php18
2 files changed, 18 insertions, 0 deletions
diff --git a/images/nosign.jpg b/images/nosign.jpg
new file mode 100644
index 000000000..b73629332
--- /dev/null
+++ b/images/nosign.jpg
Binary files differ
diff --git a/mod/photo.php b/mod/photo.php
index 7f13d1cbf..2f8d180fd 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -108,6 +108,24 @@ function photo_init(&$a) {
if(count($r)) {
$data = $r[0]['data'];
}
+ else {
+
+ // Does the picture exist? It may be a remote person with no credentials,
+ // but who should otherwise be able to view it. Show a default image to let
+ // them know permissions was denied. It may be possible to view the image
+ // through an authenticated profile visit.
+ // There won't be many complete unauthorised people seeing this because
+ // they won't have the photo link, so there's a reasonable chance that the person
+ // might be able to obtain permission to view it.
+
+ $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+ if(count($r)) {
+ $data = file_get_contents('images/nosign.jpg');
+ }
+ }
}
}