user avatar direct serves 404 if no identifiying information sent

author Cash Costello <cash.costello@gmail.com>

Wed, 4 Jul 2012 17:07:14 +0000 (13:07 -0400)

committer Cash Costello <cash.costello@gmail.com>

Wed, 4 Jul 2012 17:07:14 +0000 (13:07 -0400)
author Cash Costello <cash.costello@gmail.com>
Wed, 4 Jul 2012 17:07:14 +0000 (13:07 -0400)
committer Cash Costello <cash.costello@gmail.com>
Wed, 4 Jul 2012 17:07:14 +0000 (13:07 -0400)
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php

index 6c3148f2b9473661104434ce12f0b5b8f52b33e6..c4439f78c76bb083f84e612bfee3c867ae53b08c 100644 (file)
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -11,6 +11,12 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
  
  global $CONFIG;
  
+// won't be able to serve anything if no joindate or guid
+if (!isset($_GET['joindate']) || !isset($_GET['guid'])) {
+       header("HTTP/1.1 404 Not Found");
+       exit;
+}
+
  $join_date = (int)$_GET['joindate'];
  $last_cache = (int)$_GET['lastcache']; // icontime
  $guid = (int)$_GET['guid'];
author	Cash Costello <cash.costello@gmail.com>
	Wed, 4 Jul 2012 17:07:14 +0000 (13:07 -0400)
committer	Cash Costello <cash.costello@gmail.com>
	Wed, 4 Jul 2012 17:07:14 +0000 (13:07 -0400)