better logic around protecting messages

darcs-hash:20080923182024-5ed1f-cd751ae81cde929ab377734a41e0cdad321ffec5.gz
Evan Prodromou 2008-09-23 14:20:24 -04:00
parent 0ee3d6ccb0
commit 60baacf80e
1 changed files with 3 additions and 6 deletions


@ -38,15 +38,12 @@ class ShowmessageAction extends MailboxAction {
$cur = common_current_user();
if (!$cur ||
$cur->id != $message->from_profile &&
$cur->id != $message->to_profile)
{
if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) {
$this->show_page($cur, 1);
} else {
$this->client_error(_('Only the sender and recipient may read this message.'), 403);
return;
}
$this->show_page($cur, 1);
}
function get_message() {
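Review bot: The rewritten access check on the `if ($cur && (...))` line still compares ids with loose `==`, so whether a reader is let through depends on PHP type juggling if `$message->from_profile` or `$message->to_profile` ever holds null or a non-numeric value. Casting both sides and comparing strictly keeps the decision exact: `(int) $cur->id === (int) $message->from_profile || (int) $cur->id === (int) $message->to_profile`. A short comment above the check, such as `// Authorization: only the sender or the recipient may view a private message; everyone else gets 403.`, would also mark it as the single gate for this page. The method containing the check begins above the hunk, so how `$message` is loaded and null-checked is not visible here.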