diff options
| author | Cash Costello <cash.costello@gmail.com> | 2012-07-04 13:07:14 -0400 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2012-07-04 13:07:14 -0400 |
| commit | 663deabe7225163336f772494c2c606d4d5d8af3 (patch) | |
| tree | 0bcc9c67ab5096203cb14e1c79574962519a6d57 | |
| parent | d021adfebbb7a0deee8beb7d1d38b9b7f18f0a3f (diff) | |
| download | elgg-663deabe7225163336f772494c2c606d4d5d8af3.tar.gz elgg-663deabe7225163336f772494c2c606d4d5d8af3.tar.bz2 | |
user avatar direct serves 404 if no identifiying information sent
| -rw-r--r-- | mod/profile/icondirect.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index 6c3148f2b..c4439f78c 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -11,6 +11,12 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php'); global $CONFIG; +// won't be able to serve anything if no joindate or guid +if (!isset($_GET['joindate']) || !isset($_GET['guid'])) { + header("HTTP/1.1 404 Not Found"); + exit; +} + $join_date = (int)$_GET['joindate']; $last_cache = (int)$_GET['lastcache']; // icontime $guid = (int)$_GET['guid']; |