better logic around protecting messages
darcs-hash:20080923182024-5ed1f-cd751ae81cde929ab377734a41e0cdad321ffec5.gz
This commit is contained in:
parent
0ee3d6ccb0
commit
60baacf80e
@ -38,15 +38,12 @@ class ShowmessageAction extends MailboxAction {
|
||||
|
||||
$cur = common_current_user();
|
||||
|
||||
if (!$cur ||
|
||||
$cur->id != $message->from_profile &&
|
||||
$cur->id != $message->to_profile)
|
||||
{
|
||||
if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) {
|
||||
$this->show_page($cur, 1);
|
||||
} else {
|
||||
$this->client_error(_('Only the sender and recipient may read this message.'), 403);
|
||||
return;
|
||||
}
|
||||
|
||||
$this->show_page($cur, 1);
|
||||
}
|
||||
|
||||
function get_message() {
|
||||
|
Loading…
Reference in New Issue
Block a user