X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=inline;f=mod%2Fphoto.php;h=3cd8250a9e7bd727cfbe5666c6b96e58da09f5fb;hb=24f5e6b3f3f1f29cce8923c38fbdfb24fa5ed5a5;hp=1d38fe8e45189c67ccc7f572a881763453e0f67a;hpb=8269d6aa19eb71063ff578b43b237ffd4fea93b1;p=friendica.git

diff --git a/mod/photo.php b/mod/photo.php
index 1d38fe8e45..3cd8250a9e 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -28,6 +28,8 @@ function photo_init(&$a) {
 		}
 	}*/
 
+	$prvcachecontrol = false;
+
 	switch($a->argc) {
 		case 4:
 			$person = $a->argv[3];
@@ -134,6 +136,7 @@ function photo_init(&$a) {
 				);
 				if(count($r)) {
 					$data = file_get_contents('images/nosign.jpg');
+					$prvcachecontrol = true;
 				}
 			}
 		}
@@ -179,8 +182,22 @@ function photo_init(&$a) {
 	}
 
 	header("Content-type: image/jpeg");
- 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
-	header("Cache-Control: max-age=" . (3600*24));
+
+	if($prvcachecontrol) {
+
+		// it is a private photo that they have no permission to view.
+		// tell the browser not to cache it, in case they authenticate
+		// and subsequently have permission to see it
+
+		header("Cache-Control: no-store, no-cache, must-revalidate");
+
+	}
+	else {
+
+	 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
+		header("Cache-Control: max-age=" . (3600*24));
+
+	}
 	echo $data;
 	killme();
 	// NOTREACHED