diff options
-rw-r--r-- | mod/photo.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/photo.php b/mod/photo.php index 5033033ff..c8fd55706 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -22,13 +22,15 @@ function photo_init(&$a) { // NOTREACHED } + $observer_xchan = get_observer_hash(); + $default = 'images/person-175.jpg'; if(isset($type)) { - /** - * Profile photos + * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites. + * */ if($type === 'profile') { @@ -84,8 +86,10 @@ function photo_init(&$a) { dbesc($photo), intval($resolution) ); - if(count($r)) { + if($r) { + $allowed = perm_is_allowed($r[0]['uid'],$observer_xchan,'view_photos'); + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the photo @@ -95,7 +99,7 @@ function photo_init(&$a) { intval($resolution) ); - if(count($r)) { + if($r && $allowed) { $data = $r[0]['data']; $mimetype = $r[0]['type']; } @@ -113,7 +117,7 @@ function photo_init(&$a) { dbesc($photo), intval($resolution) ); - if(count($r)) { + if($r) { $data = file_get_contents('images/nosign.jpg'); $mimetype = 'image/jpeg'; $prvcachecontrol = true; |