Return 403 instead when accessing private textures, close #111

app/Http/Controllers/SkinlibController.php

@@ -121,9 +121,10 @@ class SkinlibController extends Controller
         $texture = Texture::find($tid);
 
         if (!$texture || $texture && !Storage::disk('textures')->has($texture->hash)) {
-            if (Option::get('auto_del_invalid_texture') == "1") {
-                if ($texture)
+            if (option('auto_del_invalid_texture')) {
+                if ($texture) {
                     $texture->delete();
+                }
 
                 abort(404, trans('skinlib.show.deleted'));
             }
@@ -132,7 +133,7 @@ class SkinlibController extends Controller
 
         if ($texture->public == "0") {
             if (is_null($this->user) || ($this->user->uid != $texture->uploader && !$this->user->isAdmin()))
-                abort(404, trans('skinlib.show.private'));
+                abort(403, trans('skinlib.show.private'));
         }
 
         return view('skinlib.show')->with('texture', $texture)->with('with_out_filter', true)->with('user', $this->user);

app/Http/Controllers/TextureController.php

@@ -198,8 +198,9 @@ class TextureController extends Controller
     {
         $player = Player::where('player_name', $player_name)->first();
 
-        if ($player->isBanned())
-            abort(404, trans('general.player-banned'));
+        if ($player->isBanned()) {
+            abort(403, trans('general.player-banned'));
+        }
 
         return $player;
     }

tests/TextureControllerTest.php

@@ -25,7 +25,7 @@ class TextureControllerTest extends TestCase
         User::find($player->uid)->setPermission(User::BANNED);
         $this->get("/{$player->player_name}.json")
             ->see(trans('general.player-banned'))
-            ->assertResponseStatus(404);
+            ->assertResponseStatus(403);
 
         User::find($player->uid)->setPermission(User::NORMAL);