From a34941f41875bcc9d260c8dfcf9d44a00f835bc9 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sat, 15 Feb 2014 11:43:07 +0100 Subject: Improve code redirection for indexController - add comments - forward request is done in the controller (no Minz_Request::forward() in the view, please) - "soft" forward to the login form (no need of 302) - show a 403 page (no authenticated) for rss output when token is wrong --- app/views/index/index.phtml | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) (limited to 'app/views') diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml index 1810a95b3..78271291e 100644 --- a/app/views/index/index.phtml +++ b/app/views/index/index.phtml @@ -3,9 +3,7 @@ $output = Minz_Request::param ('output', 'normal'); if ($this->loginOk || Minz_Configuration::allowAnonymous()) { - if ($output === 'normal') { - $this->renderHelper ('view/normal_view'); - } elseif ($output === 'rss') { + if ($output === 'rss') { $this->renderHelper ('view/rss_view'); } elseif ($output === 'reader') { $this->renderHelper ('view/reader_view'); @@ -17,16 +15,9 @@ if ($this->loginOk || Minz_Configuration::allowAnonymous()) { $this->renderHelper ('view/normal_view'); } } elseif ($output === 'rss') { - // TODO: verification of token and redirection must be done in the - // controller, not in the view - $token = $this->conf->token; - $token_param = Minz_Request::param ('token', ''); - $token_is_ok = ($token != '' && $token == $token_param); - if ($token_is_ok) { - $this->renderHelper ('view/rss_view'); - } else { - Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true); - } + // token has already been checked in the controller so we can show the view + $this->renderHelper ('view/rss_view'); } else { - Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true); + // Normally, it should not happen, but log it anyway + Minz_Log::record ('Something is wrong in ' . __FILE__ . ' line ' . __LINE__, Minz_Log::ERROR); } -- cgit v1.2.3