From b5cf24456f4868a0e553af389e1b482984bc8a86 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 20 Jan 2010 00:51:34 -0800
Subject: Forbidden is a 403, not a 503.
---
 modules/gallery/helpers/access.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/gallery/helpers/access.php')
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index e0a0e979..2cfaa947 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -183,10 +183,10 @@ class access_Core {
 }
 /**
- * Terminate immediately with an HTTP 503 Forbidden response.
+ * Terminate immediately with an HTTP 403 Forbidden response.
 */
 static function forbidden() {
- throw new Exception("@todo FORBIDDEN", 503);
+ throw new Exception("@todo FORBIDDEN", 403);
 }
 /**
--
cgit v1.2.3
From 00957f79bab42b2323b9fe52425b1e0ed51137ac Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 20 Jan 2010 22:46:46 -0800
Subject: Throw Kohana_Exception instead of Exception on access denied, since that may bubble all the way up
---
 modules/gallery/helpers/access.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/gallery/helpers/access.php')
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 2cfaa947..10fa8666 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -186,7 +186,7 @@ class access_Core {
 * Terminate immediately with an HTTP 403 Forbidden response.
 */
 static function forbidden() {
- throw new Exception("@todo FORBIDDEN", 403);
+ throw new Kohana_Exception("@todo FORBIDDEN", null, 403);
 }
 /**
--
cgit v1.2.3
From c5471a76a23897fcb40b3c4661ba898116dabaa7 Mon Sep 17 00:00:00 2001
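Review bot: In the second patch's hunk, the docblock on forbidden() still promises to "terminate immediately with an HTTP 403 Forbidden response", but the new line only throws `Kohana_Exception` with code 403; whether a 403 status is actually sent depends on whatever handler receives the exception, which is outside the hunk. Because the denial is delivered as an exception, any caller that wraps an access check in a broad `catch (Exception $e)` without rethrowing would presumably swallow it and continue as if access had been granted. I would say so in the docblock, e.g. `* Throws a Kohana_Exception with code 403; callers must not catch it without rethrowing.` The `"@todo FORBIDDEN"` message is also a placeholder and may reach users or logs as-is. The body of access_Core continues outside the hunk.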
From: Bharat Mediratta
Date: Sun, 31 Jan 2010 13:27:05 -0800
Subject: htaccess_works() can't use var/tmp anymore because that's locked down. So just create var/security_test and delete it when we're done.
---
 modules/gallery/helpers/access.php | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)
(limited to 'modules/gallery/helpers/access.php')
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 10fa8666..29b981e8 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -663,23 +663,28 @@ class access_Core {
 * working and our permission system works.
 */
 static function htaccess_works() {
- $success_url = url::file("var/tmp/security_test/success");
+ $success_url = url::file("var/security_test/success");
- @mkdir(VARPATH . "tmp/security_test");
- if ($fp = @fopen(VARPATH . "tmp/security_test/.htaccess", "w+")) {
- fwrite($fp, "RewriteEngine On\n");
- fwrite($fp, "RewriteRule verify $success_url [L]\n");
- fclose($fp);
- }
+ @mkdir(VARPATH . "security_test");
+ try {
+ if ($fp = @fopen(VARPATH . "security_test/.htaccess", "w+")) {
+ fwrite($fp, "RewriteEngine On\n");
+ fwrite($fp, "RewriteRule verify $success_url [L]\n");
+ fclose($fp);
+ }
- if ($fp = @fopen(VARPATH . "tmp/security_test/success", "w+")) {
- fwrite($fp, "success");
- fclose($fp);
- }
+ if ($fp = @fopen(VARPATH . "security_test/success", "w+")) {
+ fwrite($fp, "success");
+ fclose($fp);
+ }
- list ($response) = remote::do_request(url::abs_file("var/tmp/security_test/verify"));
- $works = $response == "HTTP/1.1 200 OK";
- @dir::unlink(VARPATH . "tmp/security_test");
+ list ($response) = remote::do_request(url::abs_file("var/security_test/verify"));
+ $works = $response == "HTTP/1.1 200 OK";
+ } catch (Exception $e) {
+ @dir::unlink(VARPATH . "security_test");
+ throw $e;
+ }
+ @dir::unlink(VARPATH . "security_test");
 return $works;
 }
--
cgit v1.2.3
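Review bot: htaccess_works() reports a setup failure the same way as a failed check: `@mkdir` and both `@fopen` calls suppress errors and skip silently, so an unwritable var/ makes the function return false exactly as a server without working .htaccess would, and nothing is logged to tell them apart. The directory name is also fixed, so two overlapping calls share var/security_test and one call's `dir::unlink` can presumably remove the files while the other's request is still in flight, again yielding a false result. A short comment above the `try` would record this, e.g. `// Setup errors are suppressed: an unwritable var/ is indistinguishable from "htaccess not working".` The function's docblock starts outside the hunk.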