aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-06-07 22:58:46 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-06-07 22:58:46 +0000
commit22f8de74875e5351fd7711f3b7b2b430c98f1c05 (patch)
tree9eb4ebfdbab719feb9d935c74c761d0ce8b606f9
parentceab24db2a7bf459684a650c287770b4ff090f54 (diff)
downloadelgg-22f8de74875e5351fd7711f3b7b2b430c98f1c05.tar.gz
elgg-22f8de74875e5351fd7711f3b7b2b430c98f1c05.tar.bz2
Refs #3510, #3418. Merged fix for forwarding after output to trunk.
git-svn-id: http://code.elgg.org/elgg/trunk@9141 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/group.php5
-rw-r--r--engine/lib/sessions.php9
-rw-r--r--languages/en.php1
3 files changed, 11 insertions, 4 deletions
diff --git a/engine/lib/group.php b/engine/lib/group.php
index d78274961..755482b00 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -276,8 +276,9 @@ function group_gatekeeper($forward = true) {
if ($forward && $allowed == false) {
register_error(elgg_echo('membershiprequired'));
- forward($url, 'member');
- exit;
+ if (!forward($url, 'member')) {
+ throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
+ }
}
return $allowed;
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ae42956a9..407bb69c5 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -472,7 +472,10 @@ function gatekeeper() {
if (!elgg_is_logged_in()) {
$_SESSION['last_forward_from'] = current_page_url();
register_error(elgg_echo('loggedinrequired'));
- forward('', 'login');
+
+ if (!forward('', 'login')) {
+ throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
+ }
}
}
@@ -487,7 +490,9 @@ function admin_gatekeeper() {
if (!elgg_is_admin_logged_in()) {
$_SESSION['last_forward_from'] = current_page_url();
register_error(elgg_echo('adminrequired'));
- forward('', 'admin');
+ if (!forward('', 'admin')) {
+ throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
+ }
}
}
diff --git a/languages/en.php b/languages/en.php
index 83fb66dad..46ac19a34 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -170,6 +170,7 @@ $english = array(
'ConfigurationException:NoSiteID' => "No site ID has been specified.",
'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.",
'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.",
+ 'SecurityException:UnexpectedOutputInGatekeeper' => 'Unexpected output in gatekeeper call. Halting execution for security. Search http://docs.elgg.org/ for more information.',
'InvalidParameterException:APIMethodOrFunctionNotSet' => "Method or function not set in call in expose_method()",
'InvalidParameterException:APIParametersArrayStructure' => "Parameters array structure is incorrect for call to expose method '%s'",
'InvalidParameterException:UnrecognisedHttpMethod' => "Unrecognised http method %s for api method '%s'",