diff options
| author |  Marien Fressinaud <dev@marienfressinaud.fr>
| 2014-02-15 11:43:07 +0100 |
|---|---|---|
| committer | Marien Fressinaud <dev@marienfressinaud.fr>
| 2014-02-15 11:43:07 +0100 |
| commit | a34941f41875bcc9d260c8dfcf9d44a00f835bc9 (patch) | |
| tree | bc05f9dfaff8166a791261551cb45f7dd20465a3 /app/Controllers | |
| parent | fb7bc50673f226070c5399bd6bbf07b91eeda01e (diff) | |
Improve code redirection for indexController
- add comments
- forward request is done in the controller (no Minz_Request::forward() in the
view, please)
- "soft" forward to the login form (no need of 302)
- show a 403 page (no authenticated) for rss output when token is wrong
Diffstat (limited to 'app/Controllers')
| -rwxr-xr-x | app/Controllers/feedController.php | 5 | ||||
| -rwxr-xr-x | app/Controllers/indexController.php | 11 |
2 files changed, 14 insertions, 2 deletions
diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 7114fc196..c718fcd5c 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -3,7 +3,10 @@ class FreshRSS_feed_Controller extends Minz_ActionController { public function firstAction () { if (!$this->view->loginOk) { - $token = $this->view->conf->token; //TODO: check the token logic again, and if it is still needed + // Token is useful in the case that anonymous refresh is forbidden + // and CRON task cannot be used with php command so the user can + // set a CRON task to refresh his feeds by using token inside url + $token = $this->view->conf->token; $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token == $token_param); $action = Minz_Request::actionName (); diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index af08edb46..a680c914a 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -11,7 +11,16 @@ class FreshRSS_index_Controller extends Minz_ActionController { if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) { $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token === $token_param); - if (!($output === 'rss' && $token_is_ok)) { + if ($output === 'rss' && !$token_is_ok) { + Minz_Error::error ( + 403, + array ('error' => array (Minz_Translate::t ('access_denied'))) + ); + return; + } elseif ($output !== 'rss') { + // "hard" redirection is not required, just ask dispatcher to + // forward to the login form without 302 redirection + Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin')); return; } } |