From 2270e73fcd231013929d5f9e7475fc8b0d872149 Mon Sep 17 00:00:00 2001 From: Friendika Date: Wed, 9 Mar 2011 21:29:32 -0800 Subject: [PATCH] show permission denied photo when direct link was accessed and authentication is insufficient to view --- images/nosign.jpg | Bin 0 -> 6498 bytes mod/photo.php | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 images/nosign.jpg diff --git a/images/nosign.jpg b/images/nosign.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b73629332d8a6fa9121bc265ba6b571a4ba65fa2 GIT binary patch literal 6498 zcmeI0S5#B&wuTo32=GhqUuOclJL7F6lD7|+?P$|+v zFBYnFkfIp89-}jAY&3CN#V&>v2K#znY-~b5;3DACd z0T=UtCO{4%BO?QmU*5>c$tl2BD8ZLO_t#%kR~YCR85!sp7?@bEvN17pvM?~P^Rjb7 zAW$fjiH%Qyk6Yj>HHx0Ac`Cffiq!h(?UaodrZ_J$g{H$z@@!Skq-gVR7LIpml~7ab{SHQn4v& z&%0GjM$1#d01APEMGnykuVDwfbM{QWyeO{g*oi~iB_LhY-heYgDx6C0apV|7PF{LrRaSWr?De;26^m8zWS!;qo&_ibfo z24V#RhLiDHo?wr$aKqvHAXEOjL)sr%p||)(Q^%BK!%3d|ehK9K@Xq3h;Zy$OHUneR zdF%%AW;Ryj;i23Faw^kH&>7q;cY?_j7UW6y2Q0>nv4U5fpKY2f6m94uU`$K|UAJV@ za4_$0xW=ahFGziqN7pBGT2tEf-X|cd0_gDhhk6m_GRw~0&-T`ANc5BzR3FF5zjp}EPc-Y|{A>dEb?t0G26tIfM~ z{HXNfrnIP%JCE5x<>%M&`lKx^teI_$g`oHqL&_s~rfqFrubA}I5FQe{++M+$l;h^-< z9;P-@>rp&x;915fE%w-WEerrYo_qLy$jRU8=)T&L`8Vkkw^@g_%%*6y`klwDJC0gv*x z={@D|5c7_ao>a~QQcSW$e?e`vVHM>r#%Us-K8p*&KVKF3WajKjz#Pw&zZM&J`oAS?O1?CEidShs0FD z9OnWWQvMxs>Inbr=|RciFxo%eT;vdDdrI7vEZpyx^u&s4M@NmGy~* zt`8fRZ`Mk0YWT82qaTtOl(;>qw*M_x68+a(S2hCKj8IDvYDD;1VdYJp-{>zGcYk8# zM(Eighh-4`m45N(hAG=-qGg`2;3*t`4;;k^=u#e_qb64m3?*BAj3MdH@vRN5OE0{f zEvJwe90URL)>kuMOGI%PEErNYcCw8!o(&S(rL@hUJM{+?J?$SjzZ~dF3a-%#NGRa> zXO|we5E&KM{oSB})_*`IGZ5)Px95-BdK;|fBnPt&?m9vyN{UYCY%@com#MnD@4z9E zl*o4Mca?okwtQ9nhfDt307O(ioBt$Rva;`RH!4(#7^Rg#Q~gA7aQ;W~s~?b)?WY|D z^Q0p#DXxvTodp#7C>^ujC+J)NKMAns%0vDeNGX5>&C%_GnlLT#_L0Jg*rep3FgR*v z+@qGB=ko2HwSkrUh&CO>4}}oxiLkjgo`9|DqeH(5*~o@G5?ZXoy~0rGgN-T6Y9RD0 z#ds?H@YVi?)#HqzfJps04a1tArL~eDle3^Mn>d_A@6Y*C!H&N6&yJO*{nV2#=5Ks; zAdK>Wo1S54tG(4i($Jdas$Ob^d4nrhD`Je_j$$&oXyf#F=$bcNbK!mZm;|GJ_`8w2 ztNxkiCe3t=UNRFO~(p5;E!E(UE_jGKNi?+$+B zaW>nj{Lpu;P|VytKX_pl*+~WC{ql_Z_YE!&=P2{>w~Z?1JUuRNr*E9>nrD4T#X$pS z=GIjnDZ##)Y?(W&(!5;_qL6>9$B~)cI@b`;1Y*9?`yI(7wb3=7f ziF4F0zLPcX&09Qw7VG}hD#O>i>Z>q{SM=gPHV@;bpl*_~_1oAoXUdZ(q{6WD7#SCP zg{|~=>io95)or>e*8WeY-zXoY%6#d4@It z^b-DthLEt=q^BF47T7*$O-N^XHB}M5o~k6^3e45iLsV5-aJxEv!8t@r!IyeQ>@8c$ zmBg;Z0FosGm>qTQf8qxpw_Omx+&(4H`&6Qh$$2uCrOb2^bb4dqc*al8^{!JXho*RA zY_1!xum&S3DpeLBsm4zXJVZRSVRz;FQ&25|SMoX0cMiRE?|C{##dh(msWAH)+|nu5 zXi%cKG*1UfA03Xt(g1*~*z+}6Ssc?lPK3~!aAN@4^y_(F%iN4dBvT?II$4$kcL)Rt ze24vTLB77WtkTEgQN1KTN}A{ASzv);Rv1;WmJE}#6y_{?V~^J1c%b;cbd2-mD~!Jo ztNUx`*NL7g3fx}a=aNe-_oQEmKg=@Yo7gNC&iGjL2pbY<%5)}MHqxCu-`~r2COt*! zaN8Z_rySuH0{ecby@(Vo?H~^Ff?id}e%?ibr}yLxjZ3V*MXDa+3^ z!9dB-8^`qLcw9%+2nomL169-Nx{1gpvMB3Cf=Jdt_K{`+Y_Woz$;XG&O@yYA@kRI% zROd)zl7U{ri>DFLdO%N9n<2xJoL{P;SuA->2}I;JQdIGhsLBr?MUZ1Yanf#qp$>;O zUo-quGqycXTFQPm_^a(rqc_&J%ACkuwG~m8Wqn$$~E}1>TV)71Ryv zh@Id)xdoQ|0mAE^ABHy*ZCx1c;jEt$8k~EmCq$hi&hvJIwv}=phxLE+(jBtb(|J2z zBVTa`Z5g9)q?!>rViRX#{w^yQjgcOF2ndy)m>;?;OXNP$I=|fE46c+PW92nlsZ&MwNZfLZ3_`&$n12Z_bmn| zymI@q2%67a-}Al*0{ESyoB0gdKtWo=q|7O}K&ePJ4d(Vdx zv}id%pcUBmJjDsgzo_eKi@P>5>=;6AZ6<42jG{XrHuNPoFULr1RpuVxwCkjoohA*8 ztc+eF3{;8jsb+S{{9R9rx!fh&=le$A6`ZNIF2$Xhi(*q4vwR*6owZOdItP%w@BGQB z&G37_HF;|o-I+Ye?eqXS6Cr!`y*9a7Lqd|98xhm0Out3nat7oV_It2Epcr$@@l2q ziq?PT=jgxr;p+Q;e*Oo3M3AT$hHFV&k?2*X?}(rHkLYj}vX%>AnDFV2Do6JI@zP*y zuI)=1WY!6IOMJfwYQ$KwZ}jR^eKJmCEuKqU<@~z0gE)QVeoMKQ1)^#OFCs zV=j^HK?NHOZ|VYbL5GkT=WKU}b0YuL2jd4~2fA3wpWu<0(!RzPPux@euT1*&rS9gn z%ZvlHC`QG(Zxh-9?+v(2e&iX5qC3o39$ZZatB{}d!A6CJL(D~Mri)I7dzhHfF3FJ| zLJz7-PwJ;5tZ;S#$Z(?*GxE;4wb^Sj5^StVsKxeD8$(Bdjlt$kI%7Q-?_VikIP#d@ zWdD7w5Mdzg?v||Q1z-}tf8%N|lAHBBW1I*#Dm;*0A>IsQWVr7`P3dX+hTO!Tuh3#6Z;5Z#_eZ*FG~ z`~E<>Wr>3XAp;e4qgKMmEApxeM5koh5v+b_+D+b9ejCTI*1R*?m#L7pn?;1jtCm+V z;q48PR2t@IjqI7wI}+POR8plo9 z1EJaXv&kEZDO+B^hZnvCE7gOFbA|x3sR`mj4{_l)$HKe27XX!Z(=5!Z?~pU6G~$b+ zt9bE!2F~>7CfS66m(F)BknQSov`g|SE*hm(bhFC4B7xQbp~=@*#Eb~9zy}^J zTh*J+98dQ$c$?ZA7Y?Ra-h7=D9o;I1+_oymja<1N|MGoFe48IsL!#RCB_i_0AYk(c|Y_UMK?4E_+cg8IV*&boX ztkH3OtRSU^8WKej4#=|%N99bQo-WHVB3dq;3*)|j{J&Ioy!RDzg$XSP)-Z}`T5yNH ziRKB)=rao*>Y`7M{akN%%d~E{#n+3IubIIVPC#!Xjfm)pwTIjQ9E7~iUB zYVBs+&7bgt4d&|}c%0`YWeRqkdYG3M{}~=m!<^&9zfpx}eL*aYP_CyaM24QCY%&B_ z+s_6i6_zGUab@`kfnCHF!mvwJH{GFqd9U?l(^aqANXvwYbVF&wpwrRl?aj66@^YXL zo;;S%kyWJYtM8XpNo>s6rs)2-e09cY`iomEmsMqRQ8X{rB+^(302VSVJouy-J-M%F z1qvhD^m$LWI3Xh8pZL@ol^#;SBo~j55}TGJvxNMfEIYFJ3LMAxBe}rd{(BabC=6ldRWTBU5#F-l z(P*_QY_h&DCn^xltTdi5DTY{g#(s0xwXTk;vMs0d4-HSpk?h@M8Veo!c>zFf$p48Z zmE|{bda;t>gQ%^WvCGhwE%1)~(RK%*|V(386me1fnJ;aPX1C$%^*J5K*;*HS&Hwu+=L%#^ct2s>lQlp zdp1#)1+44TQ2#8#-*!Tb-1|%Kz3``{6hq2xQN&n@0KYb>o0=HqDYb2qwX|PY(|57w z`aLM4&-^`x^+mV76)CY&9cdhm|4cSdv|umOlM;_XH!nk8Jxb;-d)X38QFEFxslu;f z_im`^;o98+SCOsW9Hgr8i9x!mr*N3x7jwVWNI0HF<{D@0~$Gth&dO- z3V)JRP{jT!l@y%sm9*|rzwWT$j$G&O6}i-o*ph9Nr3Whq=2M(K+gjk%FqfFg5Dlgx z@RF%$C#v11TwnYSmnZa$QTiV3BNSFdKbvmXnE%ZkcmUh|E4oR7RP3?eMZFM{G!>Te zQ9q4jkzpFurWI$`q%%0~%QYU|p^kDlj~>pU=HhRq*gB=TnWl$|yJr(KVW=P)WDn1f zC|}go$46@O+yaDT;hg@O>*(05txDm`ujj99hcdnAM447eGh6d8XaUj1%=2E&He2@V8xkX*%8$@hbWFbj8V4 zjyDcWJ?BS)FxpmMaYEkxpw6?Pbw5d(>)KwT)mX9WgVdJ@Q?P=O;ifQi#CoczOy`MX zyG(DJJS;+x-=s$(vsUc{pK|XF3e&ymTGx!Rilw(O9Cu!cr_x;2^e(Tm4p|a;r@*-r z2Q`tws(T^6^jpTC6UD5Zl@O8<2+D(ByS6zJS#T#&LQub@RJ7r|0p>P!^8U)XiYS!%_w0TCx hxJ;#Qh9t}DK!IPY1EV+*+f*X+Kb(D}QOU*Ze*x7h{|f*B literal 0 HcmV?d00001 diff --git a/mod/photo.php b/mod/photo.php index 7f13d1cbf8..2f8d180fdb 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -108,6 +108,24 @@ function photo_init(&$a) { if(count($r)) { $data = $r[0]['data']; } + else { + + // Does the picture exist? It may be a remote person with no credentials, + // but who should otherwise be able to view it. Show a default image to let + // them know permissions was denied. It may be possible to view the image + // through an authenticated profile visit. + // There won't be many complete unauthorised people seeing this because + // they won't have the photo link, so there's a reasonable chance that the person + // might be able to obtain permission to view it. + + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + dbesc($photo), + intval($resolution) + ); + if(count($r)) { + $data = file_get_contents('images/nosign.jpg'); + } + } } }