Don't check user permissions unless there's a user

Fixes #4355
dnnsoftware · Dec 11, 2020 · f97a115 · f97a115
1 parent 27c6974
commit f97a115
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/DNN Platform/Library/Services/GeneratedImage/ImageHandlerInternal.cs b/DNN Platform/Library/Services/GeneratedImage/ImageHandlerInternal.cs
@@ -221,10 +221,10 @@ public void HandleImageRequest(HttpContextBase context, Func<NameValueCollection
 
             string cacheId = this.GetUniqueIDString(context, uniqueIdStringSeed);
 
+            var userId = -1;
             var cacheCleared = false;
-            var profilepic = context.Request.QueryString["mode"];
-            int userId = -1;
-            if ("profilepic".Equals(profilepic, StringComparison.InvariantCultureIgnoreCase))
+            var isProfilePic = "profilepic".Equals(context.Request.QueryString["mode"], StringComparison.InvariantCultureIgnoreCase);
+            if (isProfilePic)
             {
                 if (int.TryParse(context.Request.QueryString["userId"], out userId))
                 {
@@ -260,7 +260,7 @@ public void HandleImageRequest(HttpContextBase context, Func<NameValueCollection
             // Handle Server cache
             if (this.EnableServerCache)
             {
-                if (!this.IsPicVisibleToCurrentUser(userId))
+                if (isProfilePic && !this.IsPicVisibleToCurrentUser(userId))
                 {
                     string message = "Not allowed to see profile picture";