mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-04-29 02:34:05 -04:00
Code Issues Packages Projects Releases Wiki Activity

Improve code redirection for indexController

Browse Source 
- add comments
- forward request is done in the controller (no Minz_Request::forward() in the
view, please)
- "soft" forward to the login form (no need of 302)
- show a 403 page (no authenticated) for rss output when token is wrong
This commit is contained in:
Marien Fressinaud
2014-02-15 11:43:07 +01:00
parent fb7bc50673
commit a34941f418
3 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/Controllers/feedController.php
View File

@@ -3,7 +3,10 @@
class FreshRSS_feed_Controller extends Minz_ActionController {
public function firstAction () {
if (!$this->view->loginOk) {
$token = $this->view->conf->token; //TODO: check the token logic again, and if it is still needed
// Token is useful in the case that anonymous refresh is forbidden
// and CRON task cannot be used with php command so the user can
// set a CRON task to refresh his feeds by using token inside url
$token = $this->view->conf->token;
$token_param = Minz_Request::param ('token', '');
$token_is_ok = ($token != '' && $token == $token_param);
$action = Minz_Request::actionName ();

11
app/Controllers/indexController.php
View File

@@ -11,7 +11,16 @@ class FreshRSS_index_Controller extends Minz_ActionController {
if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
$token_param = Minz_Request::param ('token', '');
$token_is_ok = ($token != '' && $token === $token_param);
if (!($output === 'rss' && $token_is_ok)) {
if ($output === 'rss' && !$token_is_ok) {
Minz_Error::error (
403,
array ('error' => array (Minz_Translate::t ('access_denied')))
);
return;
} elseif ($output !== 'rss') {
// "hard" redirection is not required, just ask dispatcher to
// forward to the login form without 302 redirection
Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
return;
}
}

19
app/views/index/index.phtml
View File

@@ -3,9 +3,7 @@
$output = Minz_Request::param ('output', 'normal');
if ($this->loginOk || Minz_Configuration::allowAnonymous()) {
if ($output === 'normal') {
$this->renderHelper ('view/normal_view');
} elseif ($output === 'rss') {
if ($output === 'rss') {
$this->renderHelper ('view/rss_view');
} elseif ($output === 'reader') {
$this->renderHelper ('view/reader_view');
@@ -17,16 +15,9 @@ if ($this->loginOk || Minz_Configuration::allowAnonymous()) {
$this->renderHelper ('view/normal_view');
}
} elseif ($output === 'rss') {
// TODO: verification of token and redirection must be done in the
// controller, not in the view
$token = $this->conf->token;
$token_param = Minz_Request::param ('token', '');
$token_is_ok = ($token != '' && $token == $token_param);
if ($token_is_ok) {
$this->renderHelper ('view/rss_view');
} else {
Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true);
}
// token has already been checked in the controller so we can show the view
$this->renderHelper ('view/rss_view');
} else {
Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true);
// Normally, it should not happen, but log it anyway
Minz_Log::record ('Something is wrong in ' . __FILE__ . ' line ' . __LINE__, Minz_Log::ERROR);
}