mirror of
https://github.com/friendica/friendica
synced 2024-12-23 04:40:15 +00:00
show permission denied photo when direct link was accessed and authentication is insufficient to view
This commit is contained in:
parent
35c3e12df5
commit
2270e73fcd
2 changed files with 18 additions and 0 deletions
BIN
images/nosign.jpg
Normal file
BIN
images/nosign.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 6.3 KiB |
|
@ -108,6 +108,24 @@ function photo_init(&$a) {
|
||||||
if(count($r)) {
|
if(count($r)) {
|
||||||
$data = $r[0]['data'];
|
$data = $r[0]['data'];
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
|
||||||
|
// Does the picture exist? It may be a remote person with no credentials,
|
||||||
|
// but who should otherwise be able to view it. Show a default image to let
|
||||||
|
// them know permissions was denied. It may be possible to view the image
|
||||||
|
// through an authenticated profile visit.
|
||||||
|
// There won't be many complete unauthorised people seeing this because
|
||||||
|
// they won't have the photo link, so there's a reasonable chance that the person
|
||||||
|
// might be able to obtain permission to view it.
|
||||||
|
|
||||||
|
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
|
||||||
|
dbesc($photo),
|
||||||
|
intval($resolution)
|
||||||
|
);
|
||||||
|
if(count($r)) {
|
||||||
|
$data = file_get_contents('images/nosign.jpg');
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue