From 83c18f4d4a5f4f767e2d9073a8962c0dc9fc6fb8 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 6 May 2018 16:12:06 -0700 Subject: Back in the day there were good reasons for showing a permission denied photo instead of a null img. It distinguished a 403 from a 404 in an unmistakable way. What we've discovered is that nothing that is gained from this knowledge and it mostly just annoys and confuses people who can't really do anything about it except to express their annoyance/confusion. So just do a 403/404 instead. --- Zotlabs/Module/Photo.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index b3171fe75..9cafc8d07 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -144,9 +144,11 @@ class Photo extends \Zotlabs\Web\Controller { if(! in_array($resolution,[4,5,6])) $allowed = (-1); } - if($allowed === (-1)) + + if($allowed === (-1)) { $allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo); - + } + $channel = channelx_by_n($r[0]['uid']); // Now we'll see if we can access the photo @@ -166,13 +168,12 @@ class Photo extends \Zotlabs\Web\Controller { } else { if(! $allowed) { - logger('mod_photo: forbidden. ' . \App::$query_string); - $observer = \App::get_observer(); - logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)')); - $data = file_get_contents('images/nosign.png'); - $mimetype = 'image/png'; - $prvcachecontrol = true; + http_status_exit(403,'forbidden'); + } + if(! $exists) { + http_status_exit(404,'not found'); } + } } } -- cgit v1.2.3