diff options
author | Cash Costello <cash.costello@gmail.com> | 2011-10-06 16:58:22 -0700 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2011-10-06 16:58:22 -0700 |
commit | 26b56fb5d6d71bb56f03d0d4e999e09a1fc81476 (patch) | |
tree | 667e08543ddbfed585a1d99c8b115c0cd5c7557c | |
parent | 4706f47ca0b19d9baa45742ae7c8d270c42e9490 (diff) | |
parent | 57c409526195ebbd46b239f4af06ef199d001df9 (diff) | |
download | elgg-26b56fb5d6d71bb56f03d0d4e999e09a1fc81476.tar.gz elgg-26b56fb5d6d71bb56f03d0d4e999e09a1fc81476.tar.bz2 |
Merge pull request #69 from mrclay/issue3765
Fixes #3765 forward throws Exception if headers sent.
-rw-r--r-- | engine/lib/elgglib.php | 4 | ||||
-rw-r--r-- | engine/lib/group.php | 4 | ||||
-rw-r--r-- | engine/lib/sessions.php | 9 | ||||
-rw-r--r-- | languages/en.php | 2 |
4 files changed, 6 insertions, 13 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index c62175629..64bdf9276 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -143,9 +143,9 @@ function forward($location = "", $reason = 'system') { } else if ($location === '') { exit; } + } else { + throw new SecurityException(elgg_echo('SecurityException:ForwardFailedToRedirect')); } - - return false; } /** diff --git a/engine/lib/group.php b/engine/lib/group.php index e7b70fd10..7fa188cd6 100644 --- a/engine/lib/group.php +++ b/engine/lib/group.php @@ -276,9 +276,7 @@ function group_gatekeeper($forward = true) { if ($forward && $allowed == false) { register_error(elgg_echo('membershiprequired')); - if (!forward($url, 'member')) { - throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper')); - } + forward($url, 'member'); } return $allowed; diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 407bb69c5..ae42956a9 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -472,10 +472,7 @@ function gatekeeper() { if (!elgg_is_logged_in()) { $_SESSION['last_forward_from'] = current_page_url(); register_error(elgg_echo('loggedinrequired')); - - if (!forward('', 'login')) { - throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper')); - } + forward('', 'login'); } } @@ -490,9 +487,7 @@ function admin_gatekeeper() { if (!elgg_is_admin_logged_in()) { $_SESSION['last_forward_from'] = current_page_url(); register_error(elgg_echo('adminrequired')); - if (!forward('', 'admin')) { - throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper')); - } + forward('', 'admin'); } } diff --git a/languages/en.php b/languages/en.php index f1bc8e3b7..c739d554e 100644 --- a/languages/en.php +++ b/languages/en.php @@ -172,7 +172,7 @@ $english = array( 'ConfigurationException:NoSiteID' => "No site ID has been specified.", 'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.", 'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.", - 'SecurityException:UnexpectedOutputInGatekeeper' => 'Unexpected output in gatekeeper call. Halting execution for security. Search http://docs.elgg.org/ for more information.', + 'SecurityException:ForwardFailedToRedirect' => 'Redirect could not be issued due to headers already being sent. Halting execution for security. Search http://docs.elgg.org/ for more information.', 'InvalidParameterException:APIMethodOrFunctionNotSet' => "Method or function not set in call in expose_method()", 'InvalidParameterException:APIParametersArrayStructure' => "Parameters array structure is incorrect for call to expose method '%s'", 'InvalidParameterException:UnrecognisedHttpMethod' => "Unrecognised http method %s for api method '%s'", |