Permalink
Browse files

fix(actions): send error HTTP header from action forward hook

ajax_forward_hook() now sends error HTTP header, if forward reason is an
HTTP error code. This makes sure that response object returned by non-action
URLs is not output as raw string to the user (e.g. when requested by lightbox)

Fixes #9027
  • Loading branch information...
hypeJunction committed Dec 8, 2015
1 parent ba268bf commit d3344de7ed92d5ee8ecca43e474c6555861f5dad
Showing with 17 additions and 0 deletions.
  1. +17 −0 engine/classes/Elgg/ActionsService.php
@@ -320,6 +320,23 @@ public function ajaxForwardHook($hook, $reason, $return, $params) {
$params['status'] = -1;
}
if ($reason == 'walled_garden') {
$reason = '403';
}
$httpCodes = array(
'400' => 'Bad Request',
'401' => 'Unauthorized',
'403' => 'Forbidden',
'404' => 'Not Found',
'407' => 'Proxy Authentication Required',
'500' => 'Internal Server Error',
'503' => 'Service Unavailable',
);
if (isset($httpCodes[$reason])) {
header("HTTP/1.1 $reason {$httpCodes[$reason]}", true);
}
$context = array('action' => $this->currentAction);
$params = _elgg_services()->hooks->trigger('output', 'ajax', $context, $params);

0 comments on commit d3344de

Please sign in to comment.