Basic protection against XSRF using Referer

https://github.com/marienfressinaud/FreshRSS/issues/554 Also edited the error controler to use the log message passed in Minz_Error::error().
author: Alexandre Alapetite <alexandre@alapetite.fr> 2014-08-01 20:20:25 +0200
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2014-08-01 20:20:25 +0200
commit: 35be1769de28df3fff1a26e40d1d6b1e587a2847 (patch)
tree: 17c0def5f8acd4910d8cf43c051b9087f5379c0b /app/views/error
parent: aafcd3a879225414ca7fb5a9b74ba06e5ece8c12 (diff)
1 files changed, 2 insertions, 11 deletions
diff --git a/app/views/error/index.phtml b/app/views/error/index.phtml
index 6a09c3aa2..ef4fbd39d 100644
--- a/app/views/error/index.phtml
+++ b/app/views/error/index.phtml
@@ -1,18 +1,9 @@
 <div class="post">
 	<div class="alert alert-error">
 		<h1 class="alert-head"><?php echo $this->code; ?></h1>
-
 		<p>
-			<?php
-			switch(Minz_Request::param ('code')) {
-			case 403:
-				echo Minz_Translate::t ('forbidden_access');
-				break;
-			case 404:
-			default:
-				echo Minz_Translate::t ('page_not_found');
-			} ?><br />
-			<a href="<?php echo _url ('index', 'index'); ?>"><?php echo Minz_Translate::t ('back_to_rss_feeds'); ?></a>
+			<?php echo $this->errorMessage; ?><br />
+			<a href="<?php echo _url('index', 'index'); ?>"><?php echo Minz_Translate::t('back_to_rss_feeds'); ?></a>
 		</p>
 	</div>
 </div>
author	Alexandre Alapetite <alexandre@alapetite.fr>	2014-08-01 20:20:25 +0200
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2014-08-01 20:20:25 +0200
commit	35be1769de28df3fff1a26e40d1d6b1e587a2847 (patch)
tree	17c0def5f8acd4910d8cf43c051b9087f5379c0b /app/views/error
parent	aafcd3a879225414ca7fb5a9b74ba06e5ece8c12 (diff)