aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2018-05-06 16:12:06 -0700
committerzotlabs <mike@macgirvin.com>2018-05-06 16:12:06 -0700
commit83c18f4d4a5f4f767e2d9073a8962c0dc9fc6fb8 (patch)
tree46d13fb2f9f4fd38f107de098e10e1298b0db9e4
parentb2218574ee56c1611fa2869c5b2630ff4f41803c (diff)
downloadvolse-hubzilla-83c18f4d4a5f4f767e2d9073a8962c0dc9fc6fb8.tar.gz
volse-hubzilla-83c18f4d4a5f4f767e2d9073a8962c0dc9fc6fb8.tar.bz2
volse-hubzilla-83c18f4d4a5f4f767e2d9073a8962c0dc9fc6fb8.zip
Back in the day there were good reasons for showing a permission denied photo instead of a null img. It distinguished a 403 from a 404 in an unmistakable way. What we've discovered is that nothing that is gained from this knowledge and it mostly just annoys and confuses people who can't really do anything about it except to express their annoyance/confusion. So just do a 403/404 instead.
-rw-r--r--Zotlabs/Module/Photo.php17
1 files changed, 9 insertions, 8 deletions
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index b3171fe75..9cafc8d07 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -144,9 +144,11 @@ class Photo extends \Zotlabs\Web\Controller {
if(! in_array($resolution,[4,5,6]))
$allowed = (-1);
}
- if($allowed === (-1))
+
+ if($allowed === (-1)) {
$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
-
+ }
+
$channel = channelx_by_n($r[0]['uid']);
// Now we'll see if we can access the photo
@@ -166,13 +168,12 @@ class Photo extends \Zotlabs\Web\Controller {
}
else {
if(! $allowed) {
- logger('mod_photo: forbidden. ' . \App::$query_string);
- $observer = \App::get_observer();
- logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)'));
- $data = file_get_contents('images/nosign.png');
- $mimetype = 'image/png';
- $prvcachecontrol = true;
+ http_status_exit(403,'forbidden');
+ }
+ if(! $exists) {
+ http_status_exit(404,'not found');
}
+
}
}
}