| author | 2014-02-19 20:19:11 +0100 | |
|---|---|---|
| committer | 2014-02-19 20:19:11 +0100 | |
| commit | 3aeea28ac7a1aa0bd07f23b1639c14985ff241ad (patch) | |
| tree | 48e391d1aee6db4797cc46bd23ffb4dce311f46b /app/Controllers/indexController.php | |
| parent | 165eb57459a152b3cc6aa3fd15ca990c3d908829 (diff) | |
| parent | 04da549e2e52980ccc72689c32793222be76279d (diff) | |
Merge branch 'dev'
Diffstat (limited to 'app/Controllers/indexController.php')
| -rwxr-xr-x | app/Controllers/indexController.php | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index 986a322a1..38f4c0e7c 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -5,18 +5,24 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 public function indexAction () {
 $output = Minz_Request::param ('output');
- $token = '';
+ $token = $this->view->conf->token;
 // check if user is logged in
- if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous())
- {
- $token = $this->view->conf->token;
+ if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
 $token_param = Minz_Request::param ('token', '');
 $token_is_ok = ($token != '' && $token === $token_param);
- if (!($output === 'rss' && $token_is_ok)) {
+ if ($output === 'rss' && !$token_is_ok) {
+ Minz_Error::error (
+ 403,
+ array ('error' => array (Minz_Translate::t ('access_denied')))
+ );
+ return;
+ } elseif ($output !== 'rss') {
+ // "hard" redirection is not required, just ask dispatcher to
+ // forward to the login form without 302 redirection
+ Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
 return;
 }
- $params['token'] = $token;
 }
 // construction of RSS url of this feed
@@ -25,6 +31,9 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 if (isset ($params['search'])) {
 $params['search'] = urlencode ($params['search']);
 }
+ if (!Minz_Configuration::allowAnonymous()) {
+ $params['token'] = $token;
+ }
 $this->view->rss_url = array (
 'c' => 'index',
 'a' => 'index',
@@ -342,6 +351,11 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 }
 $this->view->_useLayout(false);
 Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
+ } elseif (!Minz_Configuration::canLogIn()) {
+ Minz_Error::error (
+ 403,
+ array ('error' => array (Minz_Translate::t ('access_denied')))
+ );
 }
 invalidateHttpCache();
 } |
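Review bot: The check that gates the new 403 branch in the first hunk, `$token_is_ok = ($token != '' && $token === $token_param);`, compares a secret with `===`, which is not a constant-time comparison. Since this is now the explicit reject path for unauthenticated RSS requests, I would write it as `$token_is_ok = ($token != '' && is_string($token_param) && hash_equals($token, $token_param));`, provided the project's minimum PHP version offers `hash_equals` (not visible here). The hunk also moves the read of `$this->view->conf->token` ahead of the login check, so a one-line comment stating whose configuration is loaded for an unauthenticated request would help the next reader. indexAction continues outside the hunk.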
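Review bot: In the second hunk, `$params['token'] = $token;` is added to the feed URL whenever anonymous access is disabled, including when the configured token is the empty string, which yields a `token=` link that the `$token != ''` check in the first hunk can never accept. Guarding it as `if (!Minz_Configuration::allowAnonymous() && $token != '') {` avoids emitting a dead credential parameter. Because the token is presumably rendered into the page through `rss_url`, a comment such as `// token is a bearer secret carried in the URL: expect it in access logs and feed-reader settings, keep it revocable` would document the trade-off. The enclosing method starts and ends outside this hunk.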
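Review bot: The new `elseif (!Minz_Configuration::canLogIn())` branch in the third hunk calls `Minz_Error::error (403, ...)` without a following `return;`, unlike the 403 branch added in the first hunk, so execution falls through to `invalidateHttpCache();` on a denied request. Whether `Minz_Error::error` halts the request is not visible here; if it does not, adding `return;` after the `);` keeps the two denial paths consistent and keeps a rejected login attempt from touching cache state. The same 403 call is now written out twice in this file, so a small private helper would keep the message and status in one place. The enclosing action starts outside the hunk.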
