aboutsummaryrefslogtreecommitdiff
path: root/app/Controllers/errorController.php
diff options
context:
space:
mode:
authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2014-08-01 20:20:25 +0200
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2014-08-01 20:20:25 +0200
commit35be1769de28df3fff1a26e40d1d6b1e587a2847 (patch)
tree17c0def5f8acd4910d8cf43c051b9087f5379c0b /app/Controllers/errorController.php
parentaafcd3a879225414ca7fb5a9b74ba06e5ece8c12 (diff)
Basic protection against XSRF using Referer
https://github.com/marienfressinaud/FreshRSS/issues/554 Also edited the error controler to use the log message passed in Minz_Error::error().
Diffstat (limited to 'app/Controllers/errorController.php')
-rw-r--r--app/Controllers/errorController.php52
1 files changed, 32 insertions, 20 deletions
diff --git a/app/Controllers/errorController.php b/app/Controllers/errorController.php
index dc9a2ee25..922650b3d 100644
--- a/app/Controllers/errorController.php
+++ b/app/Controllers/errorController.php
@@ -1,26 +1,38 @@
<?php
class FreshRSS_error_Controller extends Minz_ActionController {
- public function indexAction () {
- switch (Minz_Request::param ('code')) {
- case 403:
- $this->view->code = 'Error 403 - Forbidden';
- break;
- case 404:
- $this->view->code = 'Error 404 - Not found';
- break;
- case 500:
- $this->view->code = 'Error 500 - Internal Server Error';
- break;
- case 503:
- $this->view->code = 'Error 503 - Service Unavailable';
- break;
- default:
- $this->view->code = 'Error 404 - Not found';
+ public function indexAction() {
+ switch (Minz_Request::param('code')) {
+ case 403:
+ $this->view->code = 'Error 403 - Forbidden';
+ break;
+ case 404:
+ $this->view->code = 'Error 404 - Not found';
+ break;
+ case 500:
+ $this->view->code = 'Error 500 - Internal Server Error';
+ break;
+ case 503:
+ $this->view->code = 'Error 503 - Service Unavailable';
+ break;
+ default:
+ $this->view->code = 'Error 404 - Not found';
}
-
- $this->view->logs = Minz_Request::param ('logs');
-
- Minz_View::prependTitle ($this->view->code . ' · ');
+
+ $errors = Minz_Request::param('logs', array());
+ $this->view->errorMessage = trim(implode($errors));
+ if ($this->view->errorMessage == '') {
+ switch(Minz_Request::param('code')) {
+ case 403:
+ $this->view->errorMessage = Minz_Translate::t('forbidden_access');
+ break;
+ case 404:
+ default:
+ $this->view->errorMessage = Minz_Translate::t('page_not_found');
+ break;
+ }
+ }
+
+ Minz_View::prependTitle($this->view->code . ' · ');
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 14:21:53 +0000