Commit 13a09d7e authored by Nigel McNie's avatar Nigel McNie

If a logged out person hits a public page which has thrown an...

If a logged out person hits a public page which has thrown an AccessDeniedException, redirect them to the login page.

Real users are only going to try logging in anyway, and non users aren't going to be able to log in, so it's just a usability improvement.

It might be worth adding a message to say what's happened later.
parent d90c6d2d
......@@ -958,7 +958,7 @@ function auth_get_login_form() {
} else {
$action = '?';
foreach ($_GET as $key => $value) {
if ($key != 'logout') {
if ($key != 'logout' && $key != 'login') {
$action .= hsc($key) . '=' . hsc($value) . '&';
}
}
......
......@@ -763,6 +763,13 @@ class AccessDeniedException extends UserException {
}
public function render_exception() {
global $USER;
if (defined('PUBLIC') && !$USER->is_logged_in()) {
$loginurl = $_SERVER['REQUEST_URI'];
$loginurl .= (false === strpos($loginurl, '?')) ? '?' : '&';
$loginurl .= 'login';
redirect($loginurl);
}
header("HTTP/1.0 403 Forbidden", true);
return parent::render_exception();
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment