Action::handle($args);
- $id = $this->trimmed('message');
-
- $message = Message::staticGet('message', $id);
+ $message = $this->get_message();
if (!$message) {
$this->client_error(_('No such message.'), 404);
$cur = common_current_user();
- if (!$cur ||
- $cur->id != $message->from_profile &&
- $cur->id != $message->to_profile)
- {
+ if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) {
+ $this->show_page($cur, 1);
+ } else {
$this->client_error(_('Only the sender and recipient may read this message.'), 403);
return;
}
-
- $this->show_page($cur, 1);
}
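Review bot: The two error paths in handle() tell a caller whether a message id exists: a missing row gets the 404 "No such message." while an existing message the caller may not read gets the 403 in the `else` branch, and an unauthenticated request (`$cur` false) also lands in that branch. Since get_message() now looks the row up by `id`, anyone can separate valid ids from unused ones by status code alone; answering the `else` branch with the same response as the not-found case, `$this->client_error(_('No such message.'), 404);`, would close that gap. The ownership test also relies on loose `==`; comparing `(int) $cur->id === (int) $message->from_profile` (and likewise for `to_profile`) would keep PHP type juggling out of an access check. handle() begins outside the lines shown here, so the handling after the 404 call is not visible.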
function get_message() {
$id = $this->trimmed('message');
- $message = Message::staticGet('message', $id);
+ $message = Message::staticGet('id', $id);
return $message;
}
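Review bot: get_message() passes the request parameter straight into `Message::staticGet('id', $id)` without checking that it is a plain numeric id. How staticGet treats an empty or non-numeric key is not visible here, so rejecting such input before the lookup is the safer default: `if (!ctype_digit((string) $id)) { return null; }` placed after the `trimmed('message')` line sends bad input down the existing `!$message` 404 path in handle(). A short docblock stating that the method returns the Message for the `message` request parameter, or a false value when there is none, would also help, since callers depend on that contract.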