From 25d9fbf8469f1dfd1f34198720b81cb001b21131 Mon Sep 17 00:00:00 2001 From: Deon George Date: Wed, 15 May 2013 17:06:23 +1000 Subject: [PATCH] Throw 403/412 when using ajax as appropriate Added error pages --- classes/lnApp/Controller/TemplateDefault.php | 17 ++++------------- views/errors/403.php | 5 +++++ views/errors/404.php | 5 +++++ views/errors/412.php | 5 +++++ views/errors/501.php | 6 ++++++ 5 files changed, 25 insertions(+), 13 deletions(-) create mode 100644 views/errors/403.php create mode 100644 views/errors/404.php create mode 100644 views/errors/412.php create mode 100644 views/errors/501.php diff --git a/classes/lnApp/Controller/TemplateDefault.php b/classes/lnApp/Controller/TemplateDefault.php index 87fd109..7c12de5 100644 --- a/classes/lnApp/Controller/TemplateDefault.php +++ b/classes/lnApp/Controller/TemplateDefault.php @@ -70,7 +70,7 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa // Actions that start with ajax, should only be ajax if (! Kohana::$config->load('debug')->ajax AND preg_match('/^ajax/',Request::current()->action()) AND ! Request::current()->is_ajax()) - die(); + throw HTTP_Exception::factory(412,_('Unable to fulfil request.')); parent::before(); 
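Review bot: The guard in the `-70,7 +70,7` hunk of TemplateDefault.php reads like an access restriction, but `Request::current()->is_ajax()` presumably reflects a request header that the client sets itself, so any caller can satisfy it. The comment above it should say so, for example `// Convenience check only, not access control: is_ajax() depends on a client-supplied header, so ajax* actions must still enforce auth themselves.` The check is also skipped entirely when the `debug` config has `ajax` set, so that setting is worth confirming as off outside development. Separately, 412 is defined for failed conditional-request preconditions (`If-Match` and similar), so `400` or `403` would describe this rejection more accurately to clients and to anyone reading access logs. The enclosing method starts and ends outside the hunk.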
@@ -82,18 +82,9 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa // If auth is required and the user is logged in, then they dont have access. // (We have already checked authorisation.) if (Auth::instance()->logged_in(NULL,get_class($this).'|'.__METHOD__)) { - if (Config::sitemode() == Kohana::DEVELOPMENT) - SystemMessage::add(array( - 'title'=>_('Insufficient Access'), - 'type'=>'debug', - 'body'=>Debug::vars(array('required'=>$this->auth_required,'action'=>$this->request->action(),'user'=>Auth::instance()->get_user()->username)), - )); - - // @todo Login No Access redirects are not handled in JS? - if ($this->request->is_ajax()) { - echo _('You dont have enough permissions.'); - die(); - } else + if ($this->request->is_ajax()) + throw HTTP_Exception::factory(403,_('You dont have enough permissions.')); + else HTTP::redirect('login/noaccess'); } else { diff --git a/views/errors/403.php b/views/errors/403.php new file mode 100644 index 0000000..e0e0516 --- /dev/null +++ b/views/errors/403.php @@ -0,0 +1,5 @@ +
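Review bot: In the `-82,18 +82,9` hunk of TemplateDefault.php the denied-access branch now leaves no record of its own: the development-only SystemMessage is removed, and neither the 403 throw nor the redirect to `login/noaccess` notes who was refused which action. Unless the exception handler logs this elsewhere (not visible here), a line before `if ($this->request->is_ajax())` would keep authorisation failures visible to monitoring, for example `Kohana::$log->add(Log::NOTICE,'Access denied: :user -> :action',array(':user'=>Auth::instance()->get_user()->username,':action'=>$this->request->action()));`. The braceless `if`/`else` nested inside the braced outer `if` is also easy to misread, and braces on both arms would remove the ambiguity. The enclosing method begins and ends outside the hunk.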

Oops!

+

403 Not Found or Not Authorised?

+
+ Sorry, either the item doesnt exist, or you are not authorised to see it. +
diff --git a/views/errors/404.php b/views/errors/404.php new file mode 100644 index 0000000..539ad46 --- /dev/null +++ b/views/errors/404.php @@ -0,0 +1,5 @@ +

Oops!

+

404 Not Found?

+
+ Sorry, an error has occured, requested page not found? +
diff --git a/views/errors/412.php b/views/errors/412.php new file mode 100644 index 0000000..7f5120a --- /dev/null +++ b/views/errors/412.php @@ -0,0 +1,5 @@ +

Oops!

+

412 Unable to fulfil your request?

+
+ Your request needs more information before it can be fulfilled. +
diff --git a/views/errors/501.php b/views/errors/501.php new file mode 100644 index 0000000..2935092 --- /dev/null +++ b/views/errors/501.php @@ -0,0 +1,6 @@ +

Oops!

+

501 Bother, something went wrong.

+ +
+ If this keeps happening, please let us know. +