X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=2f8d180fdb9c60c1824bb84858d3068515f0ecda;hb=8c245a5d2f4e6882211ac17561f86537a7089c73;hp=6174b10abe9b0d84364b9330e6f82b34d9ee14f5;hpb=04e65823d70d448400d3be7f0b3244ea8658834d;p=friendica.git

diff --git a/mod/photo.php b/mod/photo.php
index 6174b10abe..2f8d180fdb 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -13,18 +13,25 @@ function photo_init(&$a) {
 		case 1:
 		default:
 			killme();
-			return; // NOTREACHED
+			// NOTREACHED
 	}
 
-	if(x($type)) {
+	$default = 'images/default-profile.jpg';
+
+	if(isset($type)) {
 		switch($type) {
 
 			case 'profile':
 				$resolution = 4;
 				break;
+			case 'micro':
+				$resolution = 6;
+				$default = 'images/default-profile-mm.jpg';
+				break;
 			case 'avatar':
 			default:
 				$resolution = 5;
+				$default = 'images/default-profile-sm.jpg';
 				break;
 		}
 
@@ -37,10 +44,8 @@ function photo_init(&$a) {
 		if(count($r)) {
 			$data = $r[0]['data'];
 		}
-		if(x($data) === false) {
-			$data = file_get_contents(($resolution == 5) 
-				? 'images/default-profile-sm.jpg' 
-				: 'images/default-profile.jpg');
+		if(! isset($data)) {
+			$data = file_get_contents($default);
 		}
 	}
 	else {
@@ -103,19 +108,34 @@ function photo_init(&$a) {
 			if(count($r)) {
 				$data = $r[0]['data'];
 			}
+			else {
+
+				// Does the picture exist? It may be a remote person with no credentials,
+				// but who should otherwise be able to view it. Show a default image to let 
+				// them know permissions was denied. It may be possible to view the image 
+				// through an authenticated profile visit.
+				// There won't be many complete unauthorised people seeing this because
+				// they won't have the photo link, so there's a reasonable chance that the person
+				// might be able to obtain permission to view it.
+ 
+				$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+					dbesc($photo),
+					intval($resolution)
+				);
+				if(count($r)) {
+					$data = file_get_contents('images/nosign.jpg');
+				}
+			}
 		}
 	}
 
-	if(x($data) === false) {
+	if(! isset($data)) {
 		killme();
-		return; // NOTREACHED
+		// NOTREACHED
 	}
 
-        header("Content-type: image/jpeg");
-	header('Expires: ' . datetime_convert('UTC','UTC', 'now + 30 minutes', 'D, d M Y H:i:s' . ' GMT'));
-	header('Expires: ' . datetime_convert('UTC','UTC', 'now + 30 minutes', 'D, d M Y H:i:s' . ' GMT'));
-	header("Cache-Control: max-age=3600, must-revalidate");
-        echo $data;
+	header("Content-type: image/jpeg");
+	echo $data;
 	killme();
-	return; //NOTREACHED
+	// NOTREACHED
 }
\ No newline at end of file