From 663deabe7225163336f772494c2c606d4d5d8af3 Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Wed, 4 Jul 2012 13:07:14 -0400
Subject: user avatar direct serves 404 if no identifiying information sent

---
 mod/profile/icondirect.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index 6c3148f2b..c4439f78c 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -11,6 +11,12 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
 
 global $CONFIG;
 
+// won't be able to serve anything if no joindate or guid
+if (!isset($_GET['joindate']) || !isset($_GET['guid'])) {
+	header("HTTP/1.1 404 Not Found");
+	exit;
+}
+
 $join_date = (int)$_GET['joindate'];
 $last_cache = (int)$_GET['lastcache']; // icontime
 $guid = (int)$_GET['guid'];
-- 
cgit v1.2.3