aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/photo.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/photo.php b/mod/photo.php
index 5033033ff..c8fd55706 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -22,13 +22,15 @@ function photo_init(&$a) {
// NOTREACHED
}
+ $observer_xchan = get_observer_hash();
+
$default = 'images/person-175.jpg';
if(isset($type)) {
-
/**
- * Profile photos
+ * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
+ *
*/
if($type === 'profile') {
@@ -84,8 +86,10 @@ function photo_init(&$a) {
dbesc($photo),
intval($resolution)
);
- if(count($r)) {
+ if($r) {
+ $allowed = perm_is_allowed($r[0]['uid'],$observer_xchan,'view_photos');
+
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
@@ -95,7 +99,7 @@ function photo_init(&$a) {
intval($resolution)
);
- if(count($r)) {
+ if($r && $allowed) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
}
@@ -113,7 +117,7 @@ function photo_init(&$a) {
dbesc($photo),
intval($resolution)
);
- if(count($r)) {
+ if($r) {
$data = file_get_contents('images/nosign.jpg');
$mimetype = 'image/jpeg';
$prvcachecontrol = true;