aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCash Costello <cash.costello@gmail.com>2011-10-06 16:58:22 -0700
committerCash Costello <cash.costello@gmail.com>2011-10-06 16:58:22 -0700
commit26b56fb5d6d71bb56f03d0d4e999e09a1fc81476 (patch)
tree667e08543ddbfed585a1d99c8b115c0cd5c7557c
parent4706f47ca0b19d9baa45742ae7c8d270c42e9490 (diff)
parent57c409526195ebbd46b239f4af06ef199d001df9 (diff)
downloadelgg-26b56fb5d6d71bb56f03d0d4e999e09a1fc81476.tar.gz
elgg-26b56fb5d6d71bb56f03d0d4e999e09a1fc81476.tar.bz2
Merge pull request #69 from mrclay/issue3765
Fixes #3765 forward throws Exception if headers sent.
-rw-r--r--engine/lib/elgglib.php4
-rw-r--r--engine/lib/group.php4
-rw-r--r--engine/lib/sessions.php9
-rw-r--r--languages/en.php2
4 files changed, 6 insertions, 13 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index c62175629..64bdf9276 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -143,9 +143,9 @@ function forward($location = "", $reason = 'system') {
} else if ($location === '') {
exit;
}
+ } else {
+ throw new SecurityException(elgg_echo('SecurityException:ForwardFailedToRedirect'));
}
-
- return false;
}
/**
diff --git a/engine/lib/group.php b/engine/lib/group.php
index e7b70fd10..7fa188cd6 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -276,9 +276,7 @@ function group_gatekeeper($forward = true) {
if ($forward && $allowed == false) {
register_error(elgg_echo('membershiprequired'));
- if (!forward($url, 'member')) {
- throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
- }
+ forward($url, 'member');
}
return $allowed;
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 407bb69c5..ae42956a9 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -472,10 +472,7 @@ function gatekeeper() {
if (!elgg_is_logged_in()) {
$_SESSION['last_forward_from'] = current_page_url();
register_error(elgg_echo('loggedinrequired'));
-
- if (!forward('', 'login')) {
- throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
- }
+ forward('', 'login');
}
}
@@ -490,9 +487,7 @@ function admin_gatekeeper() {
if (!elgg_is_admin_logged_in()) {
$_SESSION['last_forward_from'] = current_page_url();
register_error(elgg_echo('adminrequired'));
- if (!forward('', 'admin')) {
- throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
- }
+ forward('', 'admin');
}
}
diff --git a/languages/en.php b/languages/en.php
index f1bc8e3b7..c739d554e 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -172,7 +172,7 @@ $english = array(
'ConfigurationException:NoSiteID' => "No site ID has been specified.",
'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.",
'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.",
- 'SecurityException:UnexpectedOutputInGatekeeper' => 'Unexpected output in gatekeeper call. Halting execution for security. Search http://docs.elgg.org/ for more information.',
+ 'SecurityException:ForwardFailedToRedirect' => 'Redirect could not be issued due to headers already being sent. Halting execution for security. Search http://docs.elgg.org/ for more information.',
'InvalidParameterException:APIMethodOrFunctionNotSet' => "Method or function not set in call in expose_method()",
'InvalidParameterException:APIParametersArrayStructure' => "Parameters array structure is incorrect for call to expose method '%s'",
'InvalidParameterException:UnrecognisedHttpMethod' => "Unrecognised http method %s for api method '%s'",