diff options
Diffstat (limited to 'modules/gallery/controllers/admin.php')
| -rw-r--r-- | modules/gallery/controllers/admin.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index e4216991..7706e9fc 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -21,7 +21,7 @@ class Admin_Controller extends Controller { private $theme; public function __construct($theme=null) { - if (!(identity::active_user()->admin)) { + if (!identity::active_user()->admin) { access::forbidden(); } @@ -29,6 +29,10 @@ class Admin_Controller extends Controller { } public function __call($controller_name, $args) { + if (auth::must_reauth_for_admin_area()) { + return self::_prompt_for_reauth($controller_name, $args); + } + if (request::method() == "post") { access::verify_csrf(); } @@ -49,5 +53,13 @@ class Admin_Controller extends Controller { call_user_func_array(array(new $controller_name, $method), $args); } + + private static function _prompt_for_reauth($controller_name, $args) { + if (request::method() == "get" && !request::is_ajax()) { + // Avoid anti-phishing protection by passing the url as session variable. + Session::instance()->set("continue_url", url::current(true)); + } + url::redirect("reauthenticate"); + } } |