aboutsummaryrefslogtreecommitdiff
path: root/pages/avatar
diff options
context:
space:
mode:
Diffstat (limited to 'pages/avatar')
-rw-r--r--pages/avatar/edit.php14
-rw-r--r--pages/avatar/view.php2
2 files changed, 13 insertions, 3 deletions
diff --git a/pages/avatar/edit.php b/pages/avatar/edit.php
index eef8f8f8b..56aede887 100644
--- a/pages/avatar/edit.php
+++ b/pages/avatar/edit.php
@@ -10,8 +10,18 @@ elgg_set_context('profile_edit');
$title = elgg_echo('avatar:edit');
-$content = elgg_view('core/avatar/upload', array('entity' => elgg_get_page_owner_entity()));
-$content .= elgg_view('core/avatar/crop', array('entity' => elgg_get_page_owner_entity()));
+$entity = elgg_get_page_owner_entity();
+if (!elgg_instanceof($entity, 'user') || !$entity->canEdit()) {
+ register_error(elgg_echo('avatar:noaccess'));
+ forward(REFERER);
+}
+
+$content = elgg_view('core/avatar/upload', array('entity' => $entity));
+
+// only offer the crop view if an avatar has been uploaded
+if (isset($entity->icontime)) {
+ $content .= elgg_view('core/avatar/crop', array('entity' => $entity));
+}
$params = array(
'content' => $content,
diff --git a/pages/avatar/view.php b/pages/avatar/view.php
index bd6c95821..10d81fef1 100644
--- a/pages/avatar/view.php
+++ b/pages/avatar/view.php
@@ -46,7 +46,7 @@ if (!$success) {
}
header("Content-type: image/jpeg", true);
-header('Expires: ' . date('r', strtotime("+6 months")), true);
+header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true);
header("Pragma: public", true);
header("Cache-Control: public", true);
header("Content-Length: " . strlen($contents));
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-14 15:35:04 +0000