summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2013-09-04 16:37:32 +0200
committerFlorian Pritz <bluewind@xinu.at>2013-09-04 16:37:32 +0200
commit855b7b25aeba021400aa6a3438e2ab19c3b63907 (patch)
treee8790191e864b2acd4bd9a8232d8d457c943026f
parentcce1fe9bfea359cebae585eaaa944650bace4966 (diff)
Replace is_cli_client() with stateful_client where applicable
Stateless clients (cli client and clients using api keys) can't reclaim IDs (no cookie) so they should be required to log in asap and they will always get an error if they didn't log in. Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--application/controllers/file.php8
-rw-r--r--application/core/MY_Controller.php1
-rw-r--r--application/models/muser.php3
3 files changed, 5 insertions, 7 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index 6a97c645f..98ccae884 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -582,9 +582,9 @@ class File extends MY_Controller {
// Handle pastes
function do_paste()
{
- // desktop clients get a cookie to claim the ID later
+ // stateful clients get a cookie to claim the ID later
// don't force them to log in just yet
- if (is_cli_client()) {
+ if (!stateful_client()) {
$this->muser->require_access();
}
@@ -617,9 +617,9 @@ class File extends MY_Controller {
// Handles uploaded files
function do_upload()
{
- // desktop clients get a cookie to claim the ID later
+ // stateful clients get a cookie to claim the ID later
// don't force them to log in just yet
- if (is_cli_client()) {
+ if (!stateful_client()) {
$this->muser->require_access("apikey");
}
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php
index e1c6cc96e..008c48dec 100644
--- a/application/core/MY_Controller.php
+++ b/application/core/MY_Controller.php
@@ -80,7 +80,6 @@ class MY_Controller extends CI_Controller {
$csrf_protection = false;
}
- // TODO: replace cli client with request_type("plain")?
if (is_cli_client() && in_array($uri_start, $csrf_whitelisted_handlers["cli_client"])) {
$csrf_protection = false;
}
diff --git a/application/models/muser.php b/application/models/muser.php
index 6a488476f..2dd7280e8 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -184,8 +184,7 @@ class Muser extends CI_Model {
return $this->check_access_level($wanted_level);
}
- // if a CLI client reaches this point it failed to log in
- if (is_cli_client()) {
+ if (!stateful_client()) {
show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401);
}