aboutsummaryrefslogtreecommitdiff
path: root/pages/avatar
diff options
context:
space:
mode:
Diffstat (limited to 'pages/avatar')
-rw-r--r--pages/avatar/edit.php5
-rw-r--r--pages/avatar/view.php2
2 files changed, 6 insertions, 1 deletions
diff --git a/pages/avatar/edit.php b/pages/avatar/edit.php
index c71633b8b..56aede887 100644
--- a/pages/avatar/edit.php
+++ b/pages/avatar/edit.php
@@ -11,6 +11,11 @@ elgg_set_context('profile_edit');
$title = elgg_echo('avatar:edit');
$entity = elgg_get_page_owner_entity();
+if (!elgg_instanceof($entity, 'user') || !$entity->canEdit()) {
+ register_error(elgg_echo('avatar:noaccess'));
+ forward(REFERER);
+}
+
$content = elgg_view('core/avatar/upload', array('entity' => $entity));
// only offer the crop view if an avatar has been uploaded
diff --git a/pages/avatar/view.php b/pages/avatar/view.php
index bd6c95821..10d81fef1 100644
--- a/pages/avatar/view.php
+++ b/pages/avatar/view.php
@@ -46,7 +46,7 @@ if (!$success) {
}
header("Content-type: image/jpeg", true);
-header('Expires: ' . date('r', strtotime("+6 months")), true);
+header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true);
header("Pragma: public", true);
header("Cache-Control: public", true);
header("Content-Length: " . strlen($contents));
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-13 18:15:03 +0000