From a34941f41875bcc9d260c8dfcf9d44a00f835bc9 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Sat, 15 Feb 2014 11:43:07 +0100
Subject: Improve code redirection for indexController

- add comments
- forward request is done in the controller (no Minz_Request::forward() in the
view, please)
- "soft" forward to the login form (no need of 302)
- show a 403 page (no authenticated) for rss output when token is wrong
---
 app/Controllers/indexController.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'app/Controllers/indexController.php')

diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index af08edb46..a680c914a 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -11,7 +11,16 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 		if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
 			$token_param = Minz_Request::param ('token', '');
 			$token_is_ok = ($token != '' && $token === $token_param);
-			if (!($output === 'rss' && $token_is_ok)) {
+			if ($output === 'rss' && !$token_is_ok) {
+				Minz_Error::error (
+					403,
+					array ('error' => array (Minz_Translate::t ('access_denied')))
+				);
+				return;
+			} elseif ($output !== 'rss') {
+				// "hard" redirection is not required, just ask dispatcher to
+				// forward to the login form without 302 redirection
+				Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
 				return;
 			}
 		}
-- 
cgit v1.2.3