Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

403 has more sense that 404 #741

Closed
wants to merge 1 commit into from

6 participants

@Naouak

404 is for non existing file.
403 is for page that need authorization.

@Naouak Naouak 403 has more sense that 404
404 is for non existing file.
403 is for page that need authorization.
eaea9a9
@infograf768

Please create a tracker on joomlacode and explain why you propose this change.
also, there are many other places in Joomla where JERROR_ALERTNOAUTHOR is used, sometimes with a 404 sometimes with a 403. If this change is necessary, shall we not change all?

@nicksavov

Thanks for coding this, Naoak! Also, to add to infograf's comments, some testing instructions would be useful.

For anyone interested, here's the tracker item on JoomlaCode:
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=30373

@oc666

This might help you:
ofer@ofer-Latitude-E6220:~/projects/joomla3$ grep -rin "JERROR_ALERTNOAUTHOR" * | grep -v language | grep -v 403 | grep raise
administrator/components/com_config/controller.php:57: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_content/content.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_admin/views/sysinfo/view.html.php:54: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_templates/templates.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_menus/menus.php:14: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_banners/banners.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_messages/messages.php:14: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_finder/finder.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_redirect/redirect.php:14: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_checkin/checkin.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_newsfeeds/newsfeeds.php:14: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_weblinks/weblinks.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/views/debuguser/view.html.php:37: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/views/debuggroup/view.html.php:37: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/controller.php:66: JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/users.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/controllers/level.php:56: JError::raiseError(500, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/controllers/groups.php:48: JError::raiseError(500, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/controllers/groups.php:66: JError::raiseError(500, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/controllers/groups.php:84: JError::raiseError(500, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/controllers/groups.php:102: JError::raiseError(500, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_users/controllers/groups.php:120: JError::raiseError(500, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_contact/contact.php:14: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_installer/installer.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_tags/tags.php:16: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_plugins/plugins.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_categories/categories.php:16: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_search/search.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_modules/modules.php:14: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
administrator/components/com_cache/cache.php:14: return JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
administrator/components/com_joomlaupdate/joomlaupdate.php:14: return JError::raiseWarning(404, JText::('JERROR_ALERTNOAUTHOR'));
templates/beez3/error.php:209: $this->error = JError::raiseWarning(404, JText::
('JERROR_ALERTNOAUTHOR'));
templates/system/error.php:13: $this->error = JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));

@elinw

These should just be enqueuing messages not raising warnings. The challenge is to send the correct number to the browser.

@elkuku

Let me throw in a thought here please....
I'm just experimenting in our JTracker thingy with custom Exceptions for 403, 404 and 500 events that can be thrown everywhere and are processed by specialized exception handlers to perform "some actions" like sending the correct status code and giving the possibility to write custom logs for those events.
As I said, it's just a thought ;)

@mbabker mbabker closed this in 0f5e022
@garyamort garyamort referenced this pull request from a commit in garyamort/joomla-cms
@Naouak Naouak [#30373] Installer 404 should be 403 for authorization (Fix #741) 0dbc167
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 27, 2013
  1. @Naouak

    403 has more sense that 404

    Naouak authored
    404 is for non existing file.
    403 is for page that need authorization.
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  administrator/components/com_installer/installer.php
View
2  administrator/components/com_installer/installer.php
@@ -11,7 +11,7 @@
if (!JFactory::getUser()->authorise('core.manage', 'com_installer'))
{
- return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
+ return JError::raiseWarning(403, JText::_('JERROR_ALERTNOAUTHOR'));
}
$controller = JControllerLegacy::getInstance('Installer');
Something went wrong with that request. Please try again.