| author | Simon Rettberg | 2025-05-22 16:07:03 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2025-05-22 16:07:03 +0200 |
| commit | 19160ec62cec3b6e436590b16ebb2b329ef5d55b (patch) | |
| tree | bdfc8a89829fde79133b839d4cb52a27c7b3e520 /inc/util.inc.php | |
| parent | [locationinfo] URLpanel: Browser accept-language and screen rotation (diff) | |
Add audit logging of POST actions
Diffstat (limited to 'inc/util.inc.php')
| -rw-r--r-- | inc/util.inc.php | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 91232f46..003da9fa 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -14,11 +14,12 @@ class Util
  * been displayed yet will be appended to the redirect.
  *
  * @param string|false $location Location to redirect to. "false" to redirect to same URL (useful after POSTs)
+ * @param ?int $virtualResponseCode Which response code to treat this redirect as for audit purposes
  * @param bool $preferRedirectPost if true, use the value from $_POST['redirect'] instead of $location
- * @param bool $ignoreRedirectParams if true, ignore any additional params set via ::addRedirectParam())
+ * @param bool $ignoreRedirectParams if true, ignore any additional params set via ::addRedirectParam()
  */
  #[NoReturn]
- public static function redirect($location = false, bool $preferRedirectPost = false, bool $ignoreRedirectParams = false): void
+ public static function redirect($location = false, ?int $virtualResponseCode = null, bool $preferRedirectPost = false, bool $ignoreRedirectParams = false): void
  {
  if ($location === false) {
  $location = preg_replace('/([&?])message\[\]=[^&]*/', '\1', $_SERVER['REQUEST_URI']);
@@ -50,6 +51,17 @@ class Util
  . Database::getQueryCount() . ' queries, '
  . round(Database::getQueryTime(), 3) . 's query time total');
  }
+ // For cosmetic reasons, allow overriding the HTTP response code we log to the audit table.
+ // This is only for logging, this doesn't get send to the client.
+ if ($virtualResponseCode !== null) {
+ Audit::overrideResponseCode($virtualResponseCode, false);
+ } elseif (Message::hasError('main.parameter-empty', 'main.parameter-missing', 'main.value-invalid', 'main.invalid-action')) {
+ Audit::overrideResponseCode(400, false);
+ } elseif (Message::hasError('main.no-permission')) {
+ Audit::overrideResponseCode(403, false);
+ } elseif (Message::hasError('main.error-read', 'main.error-write')) {
+ Audit::overrideResponseCode(500, false);
+ }
  Header('Location: ' . $location);
  exit(0);
  }
|
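Review bot: Inserting `?int $virtualResponseCode` as the second positional parameter of `redirect()` shifts `$preferRedirectPost` and `$ignoreRedirectParams` one slot to the right, so an existing call of the form `Util::redirect($url, true)` would now bind `true` to the audit code. Without `declare(strict_types=1)` that coerces silently to `1`, the POST-supplied redirect target is no longer preferred, and the audit table would record a meaningless code; with strict types it becomes a TypeError. Call sites are not visible in this view (the diffstat is limited to this file), so either confirm every caller was updated in the same commit or append the new parameter last: `public static function redirect($location = false, bool $preferRedirectPost = false, bool $ignoreRedirectParams = false, ?int $virtualResponseCode = null): void`. The body of `redirect()` continues outside this hunk.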
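Review bot: An explicit `$virtualResponseCode` is tested before any `Message::hasError(...)` branch, so a caller that passes a success code on a path where `main.no-permission` was queued gets the denial recorded as a success; for an audit trail the error-derived 4xx/5xx classification should arguably win, or the precedence should be stated in the comment above the chain. The value also reaches `Audit::overrideResponseCode()` unchecked, and a guard such as `if ($virtualResponseCode !== null && ($virtualResponseCode < 100 || $virtualResponseCode > 599)) { $virtualResponseCode = null; }` placed before the chain would keep out-of-range codes out of the audit table, unless `Audit` (not visible here) already validates. Errors whose message id is not in the three lists fall through with no override, so those failed POSTs keep whatever code the audit layer defaults to, which is worth a catch-all branch or a note. The second argument `false` is unexplained in this hunk and deserves a short comment; `redirect()` begins outside this hunk.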
