summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorEvan Prodromou <evan@controlyourself.ca>2008-09-23 14:20:24 -0400
committerEvan Prodromou <evan@controlyourself.ca>2008-09-23 14:20:24 -0400
commit60baacf80e1b2d8f475633210b5589ab7de048d3 (patch)
treec7e15b1440f70e9b2645e4847da6622d42a0cfad /actions
parent0ee3d6ccb088b396926a372854e9949785a52c13 (diff)
better logic around protecting messages
darcs-hash:20080923182024-5ed1f-cd751ae81cde929ab377734a41e0cdad321ffec5.gz
Diffstat (limited to 'actions')
-rw-r--r--actions/showmessage.php9
1 files changed, 3 insertions, 6 deletions
diff --git a/actions/showmessage.php b/actions/showmessage.php
index ce4a1f372..28e359450 100644
--- a/actions/showmessage.php
+++ b/actions/showmessage.php
@@ -38,15 +38,12 @@ class ShowmessageAction extends MailboxAction {
$cur = common_current_user();
- if (!$cur ||
- $cur->id != $message->from_profile &&
- $cur->id != $message->to_profile)
- {
+ if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) {
+ $this->show_page($cur, 1);
+ } else {
$this->client_error(_('Only the sender and recipient may read this message.'), 403);
return;
}
-
- $this->show_page($cur, 1);
}
function get_message() {