whitespace changes. Make Privacy test an else so that PRIVACY checks don't happen if not logged in

This commit is contained in:
Isaac Connor 2018-08-31 10:37:11 -04:00
parent 4b30ea7877
commit 0823b28712
1 changed files with 63 additions and 57 deletions

View File

@ -205,7 +205,15 @@ isset($view) || $view = NULL;
isset($request) || $request = NULL; isset($request) || $request = NULL;
isset($action) || $action = NULL; isset($action) || $action = NULL;
if ( ZM_ENABLE_CSRF_MAGIC && $action != 'login' && $view != 'view_video' && $request != 'control' && $view != 'frames' && $view != 'archive' ) { Logger::Debug("View: $view Request: $request Action: $action");
if (
ZM_ENABLE_CSRF_MAGIC &&
( $action != 'login' ) &&
( $view != 'view_video' ) &&
( $request != 'control' ) &&
( $view != 'frames' ) &&
( $view != 'archive' )
) {
require_once( 'includes/csrf/csrf-magic.php' ); require_once( 'includes/csrf/csrf-magic.php' );
#Logger::Debug("Calling csrf_check with the following values: \$request = \"$request\", \$view = \"$view\", \$action = \"$action\""); #Logger::Debug("Calling csrf_check with the following values: \$request = \"$request\", \$view = \"$view\", \$action = \"$action\"");
csrf_check(); csrf_check();
@ -216,13 +224,11 @@ require_once( 'includes/actions.php' );
# If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in. # If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
if ( ZM_OPT_USE_AUTH and !isset($user) ) { if ( ZM_OPT_USE_AUTH and !isset($user) ) {
Logger::Debug("Redirecting to login" ); Logger::Debug('Redirecting to login');
$view = 'login'; $view = 'login';
$request = null; $request = null;
} } else if ( ZM_SHOW_PRIVACY && ($action != 'privacy') && ($view !='options') && (!$request) && canEdit('System') ) {
Logger::Debug('Redirecting to privacy');
if ( ZM_SHOW_PRIVACY && canEdit('System') ) {
Logger::Debug("Redirecting to privacy" );
$view = 'privacy'; $view = 'privacy';
$request = null; $request = null;
} }