X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=2f8d180fdb9c60c1824bb84858d3068515f0ecda;hb=8c245a5d2f4e6882211ac17561f86537a7089c73;hp=d4abb041a0db95981aa7d31852880437ee2b0990;hpb=b94cb8d234d70bc534ad1cef767b9f62d10eef26;p=friendica.git

diff --git a/mod/photo.php b/mod/photo.php
index d4abb041a0..2f8d180fdb 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -13,7 +13,7 @@ function photo_init(&$a) {
 		case 1:
 		default:
 			killme();
-			return; // NOTREACHED
+			// NOTREACHED
 	}
 
 	$default = 'images/default-profile.jpg';
@@ -108,18 +108,34 @@ function photo_init(&$a) {
 			if(count($r)) {
 				$data = $r[0]['data'];
 			}
+			else {
+
+				// Does the picture exist? It may be a remote person with no credentials,
+				// but who should otherwise be able to view it. Show a default image to let 
+				// them know permissions was denied. It may be possible to view the image 
+				// through an authenticated profile visit.
+				// There won't be many complete unauthorised people seeing this because
+				// they won't have the photo link, so there's a reasonable chance that the person
+				// might be able to obtain permission to view it.
+ 
+				$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+					dbesc($photo),
+					intval($resolution)
+				);
+				if(count($r)) {
+					$data = file_get_contents('images/nosign.jpg');
+				}
+			}
 		}
 	}
 
-	if(x($data) === false) {
+	if(! isset($data)) {
 		killme();
-		return; // NOTREACHED
+		// NOTREACHED
 	}
 
-        header("Content-type: image/jpeg");
-	header('Expires: ' . datetime_convert('UTC','UTC', 'now + 3 months', 'D, d M Y H:i:s' . ' GMT'));
-//	header("Cache-Control: max-age=36000, only-if-cached");
-        echo $data;
+	header("Content-type: image/jpeg");
+	echo $data;
 	killme();
-	return; //NOTREACHED
+	// NOTREACHED
 }
\ No newline at end of file