diff options
author | Friendika <info@friendika.com> | 2011-03-09 21:29:32 -0800 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-03-09 21:29:32 -0800 |
commit | 2270e73fcd231013929d5f9e7475fc8b0d872149 (patch) | |
tree | 3cf866f23791d7f9a974297cb68db081840a2fa9 /mod/photo.php | |
parent | 35c3e12df53fc0584f1b5231ea6e73a177db3573 (diff) | |
download | volse-hubzilla-2270e73fcd231013929d5f9e7475fc8b0d872149.tar.gz volse-hubzilla-2270e73fcd231013929d5f9e7475fc8b0d872149.tar.bz2 volse-hubzilla-2270e73fcd231013929d5f9e7475fc8b0d872149.zip |
show permission denied photo when direct link was accessed and authentication is insufficient to view
Diffstat (limited to 'mod/photo.php')
-rw-r--r-- | mod/photo.php | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/mod/photo.php b/mod/photo.php index 7f13d1cbf..2f8d180fd 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -108,6 +108,24 @@ function photo_init(&$a) { if(count($r)) { $data = $r[0]['data']; } + else { + + // Does the picture exist? It may be a remote person with no credentials, + // but who should otherwise be able to view it. Show a default image to let + // them know permissions was denied. It may be possible to view the image + // through an authenticated profile visit. + // There won't be many complete unauthorised people seeing this because + // they won't have the photo link, so there's a reasonable chance that the person + // might be able to obtain permission to view it. + + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + dbesc($photo), + intval($resolution) + ); + if(count($r)) { + $data = file_get_contents('images/nosign.jpg'); + } + } } } |