From 4064e2d30906d01e696c5de106fd9ff356980a93 Mon Sep 17 00:00:00 2001
From: Robin Getz
Date: Sat, 20 Nov 2010 13:13:21 +0100
Subject: Handle do=check before ACL checking
---
 inc/actions.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'inc/actions.php')
diff --git a/inc/actions.php b/inc/actions.php
index 9db7d5f24..7a6d2eb85 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -50,6 +50,12 @@ function act_dispatch(){
 }
 }
+ //display some infos
+ if($ACT == 'check'){
+ check();
+ $ACT = 'show';
+ }
+
 //check permissions
 $ACT = act_permcheck($ACT);
@@ -120,12 +126,6 @@ function act_dispatch(){
 if(substr($ACT,0,7) == 'export_') $ACT = act_export($ACT);
- //display some infos
- if($ACT == 'check'){
- check();
- $ACT = 'show';
- }
-
 //handle admin tasks
 if($ACT == 'admin'){
 // retrieve admin plugin name from $_REQUEST['page']
-- 
cgit v1.2.3
From 85dcda20ffd82becbe69a7ca5d99e4b6fd99c9ea Mon Sep 17 00:00:00 2001
From: Robin Getz
Date: Sat, 20 Nov 2010 13:17:00 +0100
Subject: Send 403 header for permission denied screens when send404 is enabled
---
 inc/actions.php | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'inc/actions.php')
diff --git a/inc/actions.php b/inc/actions.php
index 7a6d2eb85..fb2ae452f 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -20,6 +20,7 @@ function act_dispatch(){
 global $ID;
 global $QUERY;
 global $lang;
+ global $conf;
 $preact = $ACT;
@@ -143,6 +144,10 @@ function act_dispatch(){
 $ACT = act_permcheck($ACT);
 } // end event ACTION_ACT_PREPROCESS default action
 $evt->advise_after();
+ // Make sure plugs can handle 'denied'
+ if($conf['send404'] && $ACT == 'denied') {
+ header('HTTP/1.0 403 Forbidden');
+ }
 unset($evt);
 // when action 'show', the intial not 'show' and POST, do a redirect
-- 
cgit v1.2.3
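Review bot: In the `@@ -50,6 +50,12 @@` hunk of the first patch, `check()` now runs for every `do=check` request before `act_permcheck()`, so whatever it prints no longer depends on the ACL result, and nothing at the call site records that this is intended. `check()` is defined outside the diff, so I cannot see its output; if it reports configuration or environment details, they would now be shown to requesters who would otherwise only get the denied screen. I would state the contract where the call is made, e.g. `// runs before the ACL check on purpose: check() must only print what an anonymous visitor may see`, or keep the diagnostic behind the permission result if that does not hold. The page content itself stays gated, because `$ACT` is reset to `'show'` before `act_permcheck($ACT)`. act_dispatch starts and ends outside the hunk.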
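Review bot: In the `@@ -143,6 +144,10 @@` hunk of the second patch, the comment `// Make sure plugs can handle 'denied'` does not describe the statement under it, which sets the response status, and nothing explains why the 403 depends on `$conf['send404']`. With that option off a denied screen still goes out as 200, so access logs and crawlers cannot tell an ACL denial from a normal page view; if that is intended, say so, e.g. `// with send404 on, answer the 'denied' screen with a 403 status; sent after advise_after() so plugins can still change $ACT`. The second half of that wording is my reading of the placement and should be confirmed. Because event handlers have already run at this point, a `!headers_sent()` guard would avoid a warning if one of them produced output. act_dispatch continues outside the hunk.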