From 9db0a440bf858bced7bd14064a9197adca66b2e6 Mon Sep 17 00:00:00 2001 From: Vincent Zanotti Date: Sun, 14 Jun 2009 23:01:21 +0200 Subject: [PATCH] Removes the NO_HTTPS flags on three pages: 1. We never serve a non-https link to those pages. 2. Setting NO_HTTPS removes the default DO_AUTH flag, which means an unauthenticated user will not get the login form. 3. I'm pretty sure the auth cookie is set as secure (at least it should), which means an user on http will never be authenticated. Signed-off-by: Vincent Zanotti --- modules/carnet.php | 4 ++-- modules/profile.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/carnet.php b/modules/carnet.php index 3080c91..5ac29ba 100644 --- a/modules/carnet.php +++ b/modules/carnet.php @@ -29,9 +29,9 @@ class CarnetModule extends PLModule 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE), 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE), - 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE, 'user', NO_HTTPS), + 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE), + 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE), 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_PUBLIC, 'user', NO_HTTPS), - 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS), 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS), ); diff --git a/modules/profile.php b/modules/profile.php index af3614e..514ca46 100644 --- a/modules/profile.php +++ b/modules/profile.php @@ -52,7 +52,7 @@ class ProfileModule extends PLModule 'groupes-x' => $this->make_hook('xnet', AUTH_COOKIE), - 'vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS), + 'vcard' => $this->make_hook('vcard', AUTH_COOKIE), 'admin/binets' => $this->make_hook('admin_binets', AUTH_MDP, 'admin'), 'admin/medals' => $this->make_hook('admin_medals', AUTH_MDP, 'admin'), 'admin/formations' => $this->make_hook('admin_formations', AUTH_MDP, 'admin'), -- 2.1.4