diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2010-09-10 23:01:47 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2010-09-10 23:01:47 -0700 |
| commit | 5892712b237cb1e585b2cc7a6820d2cf3a8c1a34 (patch) | |
| tree | 5e2bc0d14f1dd4e0ed677d4811f56bca0a9e9424 | |
| parent | 6e62d604a45b9bf1a60d04effb7eb08e7d15463c (diff) | |
If the user is not an admin, don't 403 -- instead just redirect them
to the root album. Fixes ticket #1356.
| -rw-r--r-- | modules/gallery/controllers/reauthenticate.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 0486c0fe..53a96374 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -19,12 +19,19 @@ */ class Reauthenticate_Controller extends Controller { public function index() { + $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if (!identity::active_user()->admin) { - access::forbidden(); + if ($is_ajax) { + // We should never be able to get here since Admin_Controller::_reauth_check() won't work + // for non-admins. + access::forbidden(); + } else { + url::redirect(item::root()->abs_url()); + } } + // On redirects from the admin controller, the ajax request indicator is lost, // so we store it in the session. - $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if ($is_ajax) { $v = new View("reauthenticate.html"); $v->form = self::_form(); |