diff options
| author | Nathan Kinkade <nkinkade@nkinka.de> | 2010-09-17 20:23:05 +0000 |
|---|---|---|
| committer | Nathan Kinkade <nkinkade@nkinka.de> | 2010-09-17 20:23:05 +0000 |
| commit | 7a5de04e51daa102840a02af6b9ce8138d08c4bb (patch) | |
| tree | a3f8bcb9ac961523b4835b8865c152c8835f25e7 /modules/gallery/controllers/reauthenticate.php | |
| parent | f96a75f2b13a0bd7a37b320aa5655f67868ca80d (diff) | |
| parent | 3e1743b21fd35b9d6d540e827292f1f4f006b531 (diff) | |
Pulled latest source from upstream.
Diffstat (limited to 'modules/gallery/controllers/reauthenticate.php')
| -rw-r--r-- | modules/gallery/controllers/reauthenticate.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 0486c0fe..53a96374 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -19,12 +19,19 @@ */ class Reauthenticate_Controller extends Controller { public function index() { + $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if (!identity::active_user()->admin) { - access::forbidden(); + if ($is_ajax) { + // We should never be able to get here since Admin_Controller::_reauth_check() won't work + // for non-admins. + access::forbidden(); + } else { + url::redirect(item::root()->abs_url()); + } } + // On redirects from the admin controller, the ajax request indicator is lost, // so we store it in the session. - $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if ($is_ajax) { $v = new View("reauthenticate.html"); $v->form = self::_form(); |