From 0f9e233f0fbdbbd8adc6c08280117dfd41f7c24b Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Wed, 26 Jan 2011 13:53:18 -0500
Subject: [PATCH] don't attempt to load account pages without valid ses and SSL
---
 Open-ILS/src/perlmods/OpenILS/WWW/EGCatLoader.pm | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/Open-ILS/src/perlmods/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/OpenILS/WWW/EGCatLoader.pm
index e8f253dc68..b41bab85d9 100644
--- a/Open-ILS/src/perlmods/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/OpenILS/WWW/EGCatLoader.pm
@@ -3,7 +3,7 @@ use strict; use warnings;
 use CGI;
 use XML::LibXML;
 use Digest::MD5 qw(md5_hex);
-use Apache2::Const -compile => qw(OK DECLINED HTTP_INTERNAL_SERVER_ERROR REDIRECT HTTP_BAD_REQUEST);
+use Apache2::Const -compile => qw(OK DECLINED FORBIDDEN HTTP_INTERNAL_SERVER_ERROR REDIRECT HTTP_BAD_REQUEST);
 use OpenSRF::AppSession;
 use OpenSRF::EX qw/:try/;
 use OpenSRF::Utils qw/:datetime/;
@@ -70,19 +70,24 @@ sub load {
 return $stat unless $stat == Apache2::Const::OK;
 my $path = $self->apache->path_info;
+ return $self->load_home if $path =~ /opac\/home/;
 return $self->load_login if $path =~ /opac\/login/;
 return $self->load_logout if $path =~ /opac\/logout/;
 return $self->load_rresults if $path =~ /opac\/results/;
 return $self->load_record if $path =~ /opac\/record/;
- return $self->load_place_hold if $path =~ /opac\/place_hold/;
- # XXX here is where we need to add a check for session timeout, either that
- # or have load_* check something...
+ # ----------------------------------------------------------------
+ # These pages require authentication
+ # ----------------------------------------------------------------
+ return Apache2::Const::FORBIDDEN unless $self->cgi->https;
+ return $self->load_logout unless $self->editor->requestor;
+ return $self->load_place_hold if $path =~ /opac\/place_hold/;
 return $self->load_myopac_holds if $path =~ /opac\/myopac\/holds/;
 return $self->load_myopac_circs if $path =~ /opac\/myopac\/circs/;
 return $self->load_myopac if $path =~ /opac\/myopac/;
+ # ----------------------------------------------------------------
 return Apache2::Const::OK;
 }
@@ -268,9 +273,7 @@ sub load_login {
 sub load_logout {
 my $self = shift;
- my $path = $self->apache->uri;
- $path =~ s/(\/[^\/]+$)/\/home/;
- my $url = 'http://' . $self->apache->hostname . "$path";
+ my $url = 'http://' . $self->apache->hostname . $self->ctx->{base_path} . "/opac/home";
 $self->apache->print(
 $self->cgi->redirect(
-- 
2.11.0
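Review bot: In `sub load`, the new HTTPS and requestor checks sit above the final `return Apache2::Const::OK`, so every path that misses the five public patterns, including one that matches no loader at all, is now answered with FORBIDDEN or the logout redirect instead of OK. That fail-closed default is enforced only by statement order, and the public patterns are unanchored, so a loader added in the wrong place ends up unprotected with nothing to flag it; I would state the rule in the banner comment, e.g. `# Everything below this line, including unmatched paths, requires HTTPS and a logged-in requestor; public routes go above.` The requestor test relies on the session having been validated earlier, presumably in whatever sets `$stat`, which is outside the hunk. `$self->cgi->https` reflects the HTTPS environment of the request as Apache sees it, so a deployment that terminates TLS in front of Apache would likely be refused on every account page. `load` begins before this hunk.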
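Review bot: The rewritten `$url` in `load_logout` still hard-codes `http://`, and since `load` now sends HTTPS requests without a requestor here, the redirect moves the browser from TLS to plain HTTP; any cookie not marked Secure would go out in clear on that next request. Deriving the scheme from the request keeps the user on the connection they arrived on: `my $scheme = $self->cgi->https ? 'https' : 'http';` then `my $url = "$scheme://" . $self->apache->hostname . $self->ctx->{base_path} . "/opac/home";`. The host part comes from `$self->apache->hostname`, which mod_perl fills from the request (URI or Host header), so a configured canonical name would be a safer source if one is available. The body of `load_logout` continues past the end of the hunk.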