From 7e6cc96e5e01e1ea7a2d662f24a08794569e3eec Mon Sep 17 00:00:00 2001
From: printempw
Date: Sat, 10 Feb 2018 12:55:10 +0800
Subject: [PATCH] Return 403 instead when accessing private textures, close #111
---
 app/Http/Controllers/SkinlibController.php | 7 ++++---
 app/Http/Controllers/TextureController.php | 5 +++--
 tests/TextureControllerTest.php | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/SkinlibController.php b/app/Http/Controllers/SkinlibController.php
index 8e0406e7..9b200b88 100644
--- a/app/Http/Controllers/SkinlibController.php
+++ b/app/Http/Controllers/SkinlibController.php
@@ -121,9 +121,10 @@ class SkinlibController extends Controller
 $texture = Texture::find($tid);
 if (!$texture || $texture && !Storage::disk('textures')->has($texture->hash)) {
- if (Option::get('auto_del_invalid_texture') == "1") {
- if ($texture)
+ if (option('auto_del_invalid_texture')) {
+ if ($texture) {
 $texture->delete();
+ }
 abort(404, trans('skinlib.show.deleted'));
 }
@@ -132,7 +133,7 @@ class SkinlibController extends Controller
 if ($texture->public == "0") {
 if (is_null($this->user) || ($this->user->uid != $texture->uploader && !$this->user->isAdmin()))
- abort(404, trans('skinlib.show.private'));
+ abort(403, trans('skinlib.show.private'));
 }
 return view('skinlib.show')->with('texture', $texture)->with('with_out_filter', true)->with('user', $this->user);
diff --git a/app/Http/Controllers/TextureController.php b/app/Http/Controllers/TextureController.php
index 5d79dbd5..bf96c4b9 100644
--- a/app/Http/Controllers/TextureController.php
+++ b/app/Http/Controllers/TextureController.php
@@ -198,8 +198,9 @@ class TextureController extends Controller
 {
 $player = Player::where('player_name', $player_name)->first();
- if ($player->isBanned())
- abort(404, trans('general.player-banned'));
+ if ($player->isBanned()) {
+ abort(403, trans('general.player-banned'));
+ }
 return $player;
 }
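Review bot: The new guard `if (option('auto_del_invalid_texture')) {` in the first SkinlibController hunk is a plain truthiness test, whereas the removed line compared the value against `"1"`. What `option()` returns is not visible here; if it returns the raw stored string, any non-empty value other than `"0"` now enables `$texture->delete()`, which this branch runs when the file is missing from the `textures` disk. Keeping the explicit comparison the old line had, or normalising the option to a boolean in one place, would avoid that. A short comment such as `// deletes the DB record when the file is gone from storage` would also make the destructive side effect visible. The enclosing method starts and ends outside the hunk.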
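Review bot: Answering 403 for a private texture while the missing-texture branch in the previous hunk still answers 404 lets any visitor tell which texture ids exist but are private, and `is_null($this->user)` shows that anonymous requests reach the same `abort(403, trans('skinlib.show.private'))` in the second SkinlibController hunk. If that distinction is what issue #111 asks for, record it above the check, e.g. `// 403 on purpose: discloses that the texture exists, see #111`; otherwise keep 404 for requests with no logged-in user and return 403 only to authenticated users. The inner `if (is_null(...))` is also still brace-less, although this commit adds braces to the other single-statement ifs. The method continues outside the hunk.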
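Review bot: In the TextureController hunk, `Player::where('player_name', $player_name)->first()` yields null when no row matches, and the next statement calls `$player->isBanned()` unconditionally. Unless something outside this hunk (a route middleware, for instance) guarantees the player exists, an unknown name ends in a fatal error and a 500 response instead of a clean 404. A guard before the ban check would make the method safe without relying on that: `if (is_null($player)) { abort(404); }`. The method signature lies outside the hunk, so its callers and any existing existence check could not be confirmed from here.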
diff --git a/tests/TextureControllerTest.php b/tests/TextureControllerTest.php
index 45636ba4..344ca126 100644
--- a/tests/TextureControllerTest.php
+++ b/tests/TextureControllerTest.php
@@ -25,7 +25,7 @@ class TextureControllerTest extends TestCase
 User::find($player->uid)->setPermission(User::BANNED);
 $this->get("/{$player->player_name}.json")
 ->see(trans('general.player-banned'))
- ->assertResponseStatus(404);
+ ->assertResponseStatus(403);
 User::find($player->uid)->setPermission(User::NORMAL);