author | Nathan Kinkade <nkinkade@nkinka.de> | 2010-02-10 20:57:53 +0000 |
committer | Nathan Kinkade <nkinkade@nkinka.de> | 2010-02-10 20:57:53 +0000 |
commit | 10e36fcf1b5acf07c5cc128105af03fb09aac89e (patch) | |
tree | c5e815b0a4c540d0dc7bc5f90dd1eae3df31017e /modules/gallery/controllers/admin.php | |
parent | 052476ef44ca801766cbd6bdbfe42d5a0a362e52 (diff) | |
parent | 8ef08d20883d9b9aa0b7560ce3bf6da8a6632149 (diff) |
Merge branch 'master' of git://github.com/gallery/gallery3
Diffstat (limited to 'modules/gallery/controllers/admin.php')
-rw-r--r-- | modules/gallery/controllers/admin.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index e4216991..7706e9fc 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
 private $theme;
 public function __construct($theme=null) {
- if (!(identity::active_user()->admin)) {
+ if (!identity::active_user()->admin) {
 access::forbidden();
 }
@@ -29,6 +29,10 @@ class Admin_Controller extends Controller {
 }
 public function __call($controller_name, $args) {
+ if (auth::must_reauth_for_admin_area()) {
+ return self::_prompt_for_reauth($controller_name, $args);
+ }
+
 if (request::method() == "post") {
 access::verify_csrf();
 }
@@ -49,5 +53,13 @@ class Admin_Controller extends Controller {
 call_user_func_array(array(new $controller_name, $method), $args);
 }
+
+ private static function _prompt_for_reauth($controller_name, $args) {
+ if (request::method() == "get" && !request::is_ajax()) {
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ }
+ url::redirect("reauthenticate");
+ }
 }
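Review bot: The early return in __call passes `$controller_name` and `$args` to _prompt_for_reauth, but the helper added in the last hunk of this file never reads them, so the parameters only suggest a resumption of the intercepted call that does not happen. Either drop them, `return self::_prompt_for_reauth();`, or add a comment above the call stating that the intercepted request is not replayed and that only non-AJAX GET requests get a continue_url recorded. Placing the reauth check ahead of access::verify_csrf() means a POST with a stale admin session is redirected before its token is checked; that is only safe if url::redirect() terminates the request, which this diff does not show, so it is worth confirming. The body of __call continues outside the hunk.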
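Review bot: The comment `// Avoid anti-phishing protection by passing the url as session variable.` reads as if a protection is being bypassed, whereas the code keeps the post-reauth destination server-side so it never becomes a caller-supplied redirect parameter; suggest `// Keep the continue URL in the session rather than a query parameter so the reauthenticate handler never has to trust a user-supplied redirect target.` AJAX and POST requests get no continue_url and are still answered with a redirect to an HTML page, which an XHR caller cannot follow usefully; if such clients can reach this path, responding with access::forbidden() for the AJAX case may be the better fit, though that depends on the reauthenticate controller, which is not in this diff. The method also declares `$controller_name` and `$args` that its body never uses.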