]> git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
better logic around protecting messages
authorEvan Prodromou <evan@controlyourself.ca>
Tue, 23 Sep 2008 18:20:24 +0000 (14:20 -0400)
committerEvan Prodromou <evan@controlyourself.ca>
Tue, 23 Sep 2008 18:20:24 +0000 (14:20 -0400)
darcs-hash:20080923182024-5ed1f-cd751ae81cde929ab377734a41e0cdad321ffec5.gz

actions/showmessage.php

index ce4a1f37273d964c2b8fb9565ec0584c3cbaa748..28e35945065e43e6fd0728166cf7d8990ef6af12 100644 (file)
@@ -38,15 +38,12 @@ class ShowmessageAction extends MailboxAction {
                
                $cur = common_current_user();
                
-               if (!$cur ||
-                       $cur->id != $message->from_profile &&
-                       $cur->id != $message->to_profile) 
-               {
+               if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) {
+                       $this->show_page($cur, 1);
+               } else {
                        $this->client_error(_('Only the sender and recipient may read this message.'), 403);
                        return;
                }
-                       
-               $this->show_page($cur, 1);
        }
        
        function get_message() {