forward throws Exception if headers sent. fix for http://trac.elgg.org/ticket/3765

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 198ffe60c0936516a20b306f4fc6e8bbb17295e5..8358b08ab32bd64f9e06f7d60cea2d235d77a1bc 100644 (file)
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -143,9 +143,9 @@ function forward($location = "", $reason = 'system') {
                } else if ($location === '') {
                        exit;
                }
+       } else {
+               throw new SecurityException(elgg_echo('SecurityException:ForwardFailedToRedirect'));
        }
-
-       return false;
 }
 
 /**

diff --git a/engine/lib/group.php b/engine/lib/group.php
index e7b70fd10bc94638fa973e5454ca18df7f578194..7fa188cd68cc9a2c5a4ea156f141c8483cc9d209 100644 (file)
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -276,9 +276,7 @@ function group_gatekeeper($forward = true) {
 
        if ($forward && $allowed == false) {
                register_error(elgg_echo('membershiprequired'));
-               if (!forward($url, 'member')) {
-                       throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
-               }
+               forward($url, 'member');
        }
 
        return $allowed;

diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 407bb69c5b584b621b2e193cac61901748b82672..ae42956a97a842405977d87d65e46bf0c1fc8fd8 100644 (file)
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -472,10 +472,7 @@ function gatekeeper() {
        if (!elgg_is_logged_in()) {
                $_SESSION['last_forward_from'] = current_page_url();
                register_error(elgg_echo('loggedinrequired'));
-
-               if (!forward('', 'login')) {
-                       throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
-               }
+               forward('', 'login');
        }
 }
 
@@ -490,9 +487,7 @@ function admin_gatekeeper() {
        if (!elgg_is_admin_logged_in()) {
                $_SESSION['last_forward_from'] = current_page_url();
                register_error(elgg_echo('adminrequired'));
-               if (!forward('', 'admin')) {
-                       throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper'));
-               }
+               forward('', 'admin');
        }
 }
 

diff --git a/languages/en.php b/languages/en.php
index 6c3c041cd3f2872e653f1bef3bd2134489a27f9e..aabf91dfb61d155852a7a8348ab66618acf52cf0 100644 (file)
--- a/languages/en.php
+++ b/languages/en.php
@@ -171,7 +171,7 @@ $english = array(
        'ConfigurationException:NoSiteID' => "No site ID has been specified.",
        'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.",
        'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.",
-       'SecurityException:UnexpectedOutputInGatekeeper' => 'Unexpected output in gatekeeper call. Halting execution for security. Search http://docs.elgg.org/ for more information.',
+       'SecurityException:ForwardFailedToRedirect' => 'Redirect could not be issued due to headers already being sent. Halting execution for security. Search http://docs.elgg.org/ for more information.',
        'InvalidParameterException:APIMethodOrFunctionNotSet' => "Method or function not set in call in expose_method()",
        'InvalidParameterException:APIParametersArrayStructure' => "Parameters array structure is incorrect for call to expose method '%s'",
        'InvalidParameterException:UnrecognisedHttpMethod' => "Unrecognised http method %s for api method '%s'",