author | Evan Prodromou <evan@controlyourself.ca> | 2008-09-23 14:20:24 -0400 |
---|---|---|
committer | Evan Prodromou <evan@controlyourself.ca> | 2008-09-23 14:20:24 -0400 |
commit | 60baacf80e1b2d8f475633210b5589ab7de048d3 (patch) | |
tree | c7e15b1440f70e9b2645e4847da6622d42a0cfad /actions | |
parent | 0ee3d6ccb088b396926a372854e9949785a52c13 (diff) |
better logic around protecting messages
darcs-hash:20080923182024-5ed1f-cd751ae81cde929ab377734a41e0cdad321ffec5.gz
Diffstat (limited to 'actions')
-rw-r--r-- | actions/showmessage.php | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/actions/showmessage.php b/actions/showmessage.php
index ce4a1f372..28e359450 100644
--- a/actions/showmessage.php
+++ b/actions/showmessage.php
@@ -38,15 +38,12 @@ class ShowmessageAction extends MailboxAction {
 $cur = common_current_user();
- if (!$cur ||
- $cur->id != $message->from_profile &&
- $cur->id != $message->to_profile)
- {
+ if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) {
+ $this->show_page($cur, 1);
+ } else {
 $this->client_error(_('Only the sender and recipient may read this message.'), 403);
 return;
 }
-
- $this->show_page($cur, 1);
 }
 function get_message() { |
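Review bot: The access check in the new `if` still compares ids with loose `==`, so the decision on who may read a private message depends on PHP's type juggling of `$cur->id`, `$message->from_profile` and `$message->to_profile`. If all three are integers or numeric strings loaded from the database, which seems likely but is not visible here, the result is as intended. An exact comparison would remove that dependence on column types, for example `(string) $cur->id === (string) $message->from_profile` and the same for `to_profile`. The method starts above this hunk, so it is not visible whether `$message` is checked for null before its properties are read; if it is not, a missing message would reach this comparison rather than a not-found response. A one-line comment above the condition stating the rule, `// Private message: only its sender and its recipient may view it.`, would keep the intent clear for later edits.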