Back in the day there were good reasons for showing a permission denied photo instead of a null img. It distinguished a 403 from a 404 in an unmistakable way. What we've discovered is that nothing is gained from this knowledge and it mostly just annoys and confuses people who can't really do anything about it except to express their annoyance/confusion. So just do a 403/404 instead.
parent
b2218574ee
commit
83c18f4d4a
@ -144,9 +144,11 @@ class Photo extends \Zotlabs\Web\Controller {
|
||||
if(! in_array($resolution,[4,5,6]))
|
||||
$allowed = (-1);
|
||||
}
|
||||
if($allowed === (-1))
|
||||
|
||||
if($allowed === (-1)) {
|
||||
$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
|
||||
|
||||
}
|
||||
|
||||
$channel = channelx_by_n($r[0]['uid']);
|
||||
|
||||
// Now we'll see if we can access the photo
|
||||
@ -166,13 +168,12 @@ class Photo extends \Zotlabs\Web\Controller {
|
||||
}
|
||||
else {
|
||||
if(! $allowed) {
|
||||
logger('mod_photo: forbidden. ' . \App::$query_string);
|
||||
$observer = \App::get_observer();
|
||||
logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)'));
|
||||
$data = file_get_contents('images/nosign.png');
|
||||
$mimetype = 'image/png';
|
||||
$prvcachecontrol = true;
|
||||
http_status_exit(403,'forbidden');
|
||||
}
|
||||
if(! $exists) {
|
||||
http_status_exit(404,'not found');
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
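Review bot: The denied branch in the second hunk now ends in `http_status_exit(403,'forbidden');`, and going by that hunk's line counts (13 old, 12 new) the two `logger()` calls that recorded the query string and the observer address appear to have been removed together with the placeholder image, which would leave refused photo requests without a server-side trace. If that reading is right, keep one log line ahead of the exit, for example `logger('mod_photo: forbidden. ' . \App::$query_string);`, so repeated requests for private photos stay visible to the hub operator. Separately, a 403 for a photo the observer may not view and a 404 for one that does not exist still lets a requester confirm that a private photo exists at a given URL; if that matters for this hub, answering 404 in both cases closes it. The enclosing method begins outside both hunks, so how `$exists` and `$allowed` are set for a missing photo is not visible here.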