author | Tim Almdal <tnalmdal@shaw.ca> | 2010-09-12 10:57:41 -0700 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2010-09-12 10:57:41 -0700 |
commit | bd532f6c88ef54bd47c9b1af46bc8d2c80d4407b (patch) | |
tree | 7522d38320d6466ac400a97ace5ba3b2d37048fd /modules/gallery/controllers | |
parent | ac64614d4da7174c085f257f3b8e39aa7afa9eb5 (diff) | |
parent | f84c4a6192ea0e47ca5b2006baa0bfd7e09a682c (diff) |
Merge branch 'master' of git@github.com:gallery/gallery3
Diffstat (limited to 'modules/gallery/controllers')
-rw-r--r-- | modules/gallery/controllers/reauthenticate.php | 11 | ||||
-rw-r--r-- | modules/gallery/controllers/upgrader.php | 21 |
2 files changed, 27 insertions, 5 deletions
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 0486c0fe..53a96374 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -19,12 +19,19 @@ */ class Reauthenticate_Controller extends Controller { public function index() { + $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if (!identity::active_user()->admin) { - access::forbidden(); + if ($is_ajax) { + // We should never be able to get here since Admin_Controller::_reauth_check() won't work + // for non-admins. + access::forbidden(); + } else { + url::redirect(item::root()->abs_url()); + } } + // On redirects from the admin controller, the ajax request indicator is lost, // so we store it in the session. - $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax()); if ($is_ajax) { $v = new View("reauthenticate.html"); $v->form = self::_form(); diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 6613d671..b2646874 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -54,8 +54,16 @@ class Upgrader_Controller extends Controller { // @todo this may screw up some module installers, but we don't have a better answer at // this time. $_SERVER["HTTP_HOST"] = "example.com"; - } else if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) { - access::forbidden(); + } else { + if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) { + access::forbidden(); + } + + try { + access::verify_csrf(); + } catch (Exception $e) { + url::redirect("upgrader"); + } } $available = module::available(); 
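Review bot: Nothing in the non-admin branch of `index()` visibly stops execution, so the reauthentication form further down is withheld from non-admins only if `access::forbidden()` and `url::redirect()` never return; neither helper is shown on this page. Adding `return;` after the inner `if`/`else` would make the access decision hold regardless of how those helpers behave. The same applies to the `catch` block added in upgrader.php, where the upgrade would continue past a failed `access::verify_csrf()` if `url::redirect("upgrader")` returned. Moving the `$is_ajax` assignment also strands the comment `// On redirects from the admin controller ...` above `if ($is_ajax)`; it should move up with the line it explains. The body of `index()` continues past the end of the hunk.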
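Review bot: The `catch (Exception $e)` around `access::verify_csrf()` in upgrader.php treats every exception as a bad token and discards it, so a forged upgrade request leaves no trace and an unrelated failure looks the same as a rejected token. Recording the rejection through the project's logger before the redirect would let operators notice repeated attempts against the upgrader. Catching only the exception type that `access::verify_csrf()` raises would let other errors surface; that type is not visible in this hunk. A short comment such as `// Missing or stale CSRF token: send the user back to the upgrader page for a fresh one.` would also document why the failure is turned into a redirect. The enclosing method starts and ends outside the hunk.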
@@ -87,7 +95,14 @@ class Upgrader_Controller extends Controller { site_status::clear("upgrade_now"); if (php_sapi_name() == "cli") { - print "Upgrade complete\n"; + if ($failed) { + print "Upgrade completed ** WITH FAILURES **\n"; + print "The following modules were not successfully upgraded:\n"; + print " " . implode($failed, "\n ") . "\n"; + print "Try getting newer versions or deactivating those modules\n"; + } else { + print "Upgrade complete\n"; + } } else { url::redirect("upgrader?failed=" . join(",", $failed)); } |
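Review bot: `implode($failed, "\n ")` in the new CLI failure branch passes the array first and the separator second; that legacy order was deprecated in PHP 7.4 and is no longer accepted as of PHP 8.0, whereas the `join(",", $failed)` call in the `else` branch below already uses the supported order. Write it as `print " " . implode("\n ", $failed) . "\n";`. Because this branch reports failed module upgrades to a command-line caller, scripted upgrades would also benefit from a non-zero exit status in the failure case, though whatever follows this block lies outside the hunk.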