Committer: wisest-owl
LJSUP-13676: Private phonepost returns "unhandled error" if user can't view it.
U trunk/cgi-bin/phonepost.pl
Modified: trunk/cgi-bin/phonepost.pl
===================================================================
--- trunk/cgi-bin/phonepost.pl 2012-09-17 14:42:02 UTC (rev 12658)
+++ trunk/cgi-bin/phonepost.pl 2012-09-18 07:28:59 UTC (rev 12659)
@@ -68,11 +68,19 @@
 my ($u, $dppid) = @_;
 my $bid = int($dppid/256);
 my $ppe = get_phonepost_entry($u, $bid);
- return 404 unless $ppe && $ppe->{jitemid} && $ppe->{anum} == $dppid % 256;
+ unless ($ppe && $ppe->{jitemid} && $ppe->{anum} == $dppid % 256) {
+ LJ::Request->pnotes ('error' => 'e404');
+ LJ::Request->pnotes ('remote' => LJ::get_remote());
+ return LJ::Request::NOT_FOUND;
+ }
 # check security of item
 my $logrow = LJ::get_log2_row($u, $ppe->{jitemid});
- return 404 unless $logrow;
+ unless ($logrow) {
+ LJ::Request->pnotes ('error' => 'e404');
+ LJ::Request->pnotes ('remote' => LJ::get_remote());
+ return LJ::Request::NOT_FOUND;
+ }
 if ($u->{statusvis} eq 'S' || $logrow->{security} ne "public") {
 # get the remote, ignoring IP, since the request is coming
@@ -92,7 +100,11 @@
 }
 unless ($viewall || $viewsome && $logrow->{security} eq 'public') {
- return 403 unless LJ::can_view($remote, $logrow);
+ unless (LJ::can_view($remote, $logrow)) {
+ LJ::Request->pnotes ('error' => 'private');
+ LJ::Request->pnotes ('remote' => LJ::get_remote());
+ return LJ::Request::FORBIDDEN;
+ }
 }
 }
@@ -135,7 +147,11 @@
 else {
 $buffer = LJ::mogclient()->get_file_data("pp:$u->{userid}:$bid");
 LJ::Request->send_http_header();
- return 500 unless $buffer && ref $buffer;
+ unless ($buffer && ref $buffer) {
+ LJ::Request->pnotes ('error' => 'e500');
+ LJ::Request->pnotes ('remote' => LJ::get_remote());
+ return LJ::Request::SERVER_ERROR;
+ }
 LJ::Request->print($$buffer);
 }
@@ -152,7 +168,11 @@
 }
 });
 LJ::Request->print($buffer) if length($buffer);
- return 500 unless $ret;
+ unless ($ret) {
+ LJ::Request->pnotes ('error' => 'e500');
+ LJ::Request->pnotes ('remote' => LJ::get_remote());
+ return LJ::Request::SERVER_ERROR;
+ }
 }
 return 200;
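Review bot: The three-line "set pnotes, return status" block is pasted five times in this commit (twice in this hunk, once in each of the -92, -135 and -152 hunks), so the error key and the status code can drift apart the next time one copy is edited. A small private helper that sets both notes and returns the status passed to it would keep the failure paths identical and let each call site stay a one-line guard. The space in `LJ::Request->pnotes ('error' => ...)` is also unusual for Perl method calls and is worth dropping. The enclosing function begins and ends outside this hunk.

```perl
# Record which error page to render and for whom, then hand back the status.
sub _phonepost_error {
    my ($error, $status) = @_;
    LJ::Request->pnotes('error'  => $error);
    LJ::Request->pnotes('remote' => LJ::get_remote());
    return $status;
}

# ... unchanged: $bid / $ppe lookup ...
return _phonepost_error('e404', LJ::Request::NOT_FOUND)
    unless $ppe && $ppe->{jitemid} && $ppe->{anum} == $dppid % 256;
```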
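Review bot: The FORBIDDEN branch stores a fresh `LJ::get_remote()` in pnotes although `$remote`, the user `LJ::can_view` just decided against, is already in scope. The context comment in the first hunk ("get the remote, ignoring IP") suggests `$remote` was fetched with different options (that call is outside the hunk), so the error page may be rendered for a different or undefined user than the one the access check used; `LJ::Request->pnotes('remote' => $remote);` keeps the two consistent. Separately, answering 'private'/FORBIDDEN here but 'e404'/NOT_FOUND for a missing entry tells an unauthorized requester which `$dppid` values belong to existing non-public phoneposts. The old code made the same 403/404 distinction, but now that it drives a user-facing page it deserves a comment stating that the disclosure is accepted, or the same not-found response for both cases.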
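Review bot: In the mogclient branch the new 'e500' path runs after `LJ::Request->send_http_header();`, so by the time `$buffer` is found to be empty the success headers have probably already gone out and the SERVER_ERROR status and error page may never reach the client. Validate first and send the header only on success, i.e. move `LJ::Request->send_http_header();` below the `unless ($buffer && ref $buffer) { ... }` block. The -152 hunk has the same ordering problem: `LJ::Request->print($buffer) if length($buffer);` writes body data before `unless ($ret)` is evaluated, so a failure there can only be logged, not turned into a clean error response. What `$ret` holds is set outside the hunk, and the enclosing function starts and ends outside both hunks.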