From 7bb59ad2a154c75949d856c84dced71b2fe59a20 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Sat, 31 Dec 2011 09:09:07 -0800
Subject: [PATCH] don't show profile page of silenced users

---
 actions/showstream.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/actions/showstream.php b/actions/showstream.php
index a3b1794313..4a7d758380 100644
--- a/actions/showstream.php
+++ b/actions/showstream.php
@@ -63,6 +63,15 @@ class ShowstreamAction extends ProfileAction
 
         $p = Profile::current();
 
+        // Only the user him/herself, or someone with the power to unsilence,
+        // can view the page of a silenced user.
+
+        if (($this->profile->hasRole(Profile_role::SILENCED)) && 
+            (empty($p) || (($p->id != $this->profile->id) && (!$p->hasRight(Right::SILENCEUSER))))) {
+            throw new ServerException(sprintf(_("User %s has been silenced."), $this->profile->nickname),
+                                      403);
+        }
+
         if (empty($this->tag)) {
             $stream = new ProfileNoticeStream($this->profile, $p);
         } else {
-- 
2.39.2