aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Photo.php17
1 files changed, 9 insertions, 8 deletions
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index b3171fe75..9cafc8d07 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -144,9 +144,11 @@ class Photo extends \Zotlabs\Web\Controller {
if(! in_array($resolution,[4,5,6]))
$allowed = (-1);
}
- if($allowed === (-1))
+
+ if($allowed === (-1)) {
$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
-
+ }
+
$channel = channelx_by_n($r[0]['uid']);
// Now we'll see if we can access the photo
@@ -166,13 +168,12 @@ class Photo extends \Zotlabs\Web\Controller {
}
else {
if(! $allowed) {
- logger('mod_photo: forbidden. ' . \App::$query_string);
- $observer = \App::get_observer();
- logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)'));
- $data = file_get_contents('images/nosign.png');
- $mimetype = 'image/png';
- $prvcachecontrol = true;
+ http_status_exit(403,'forbidden');
+ }
+ if(! $exists) {
+ http_status_exit(404,'not found');
}
+
}
}
}