better logic around protecting messages

darcs-hash:20080923182024-5ed1f-cd751ae81cde929ab377734a41e0cdad321ffec5.gz

diff --git a/actions/showmessage.php b/actions/showmessage.php
index ce4a1f37273d964c2b8fb9565ec0584c3cbaa748..28e35945065e43e6fd0728166cf7d8990ef6af12 100644 (file)
--- a/actions/showmessage.php
+++ b/actions/showmessage.php
@@ -38,15 +38,12 @@ class ShowmessageAction extends MailboxAction {
                
                $cur = common_current_user();
                
-               if (!$cur ||
-                       $cur->id != $message->from_profile &&
-                       $cur->id != $message->to_profile) 
-               {
+               if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) {
+                       $this->show_page($cur, 1);
+               } else {
                        $this->client_error(_('Only the sender and recipient may read this message.'), 403);
                        return;
                }
-                       
-               $this->show_page($cur, 1);
        }
        
        function get_message() {