diff --git a/classes/controller/Controller.php b/classes/controller/Controller.php
index 06551ff51..669107864 100644
--- a/classes/controller/Controller.php
+++ b/classes/controller/Controller.php
@@ -150,6 +150,7 @@ abstract class ControllerCore
 $this->init();
 if ($this->checkAccess())
 {
+ // setMedia MUST be called before postProcess
 if (!$this->content_only && ($this->display_header || (isset($this->className) && $this->className)))
 $this->setMedia();
diff --git a/controllers/admin/AdminCmsController.php b/controllers/admin/AdminCmsController.php
index 8029a1a2b..1e55ede0a 100644
--- a/controllers/admin/AdminCmsController.php
+++ b/controllers/admin/AdminCmsController.php
@@ -309,9 +309,20 @@ class AdminCmsControllerCore extends AdminController
 if (!$cms->active)
 {
- $admin_dir = dirname($_SERVER['PHP_SELF']);
+ $admin_dir = dirname($_SERVER['PHP_SELF']);
 $admin_dir = substr($admin_dir, strrpos($admin_dir, '/') + 1);
- $preview_url .= $cms->active ? '' : '&adtoken='.Tools::getAdminTokenLite('AdminCmsContent').'&ad='.$admin_dir.'&id_employee='.(int)$this->context->employee->id;
+
+ $params = http_build_query(array(
+ 'adtoken' => Tools::getAdminTokenLite('AdminCmsContent'),
+ 'ad' => $admin_dir,
+ 'id_employee' => (int)$this->context->employee->id)
+ );
+ if (Configuration::get('PS_REWRITING_SETTINGS'))
+ $params = '?'.$params;
+ else
+ $params = '&'.$params;
+
+ $preview_url .= $cms->active ? '' : $params;
 }
 Tools::redirectAdmin($preview_url);
 }
diff --git a/controllers/front/CategoryController.php b/controllers/front/CategoryController.php
index bb498b364..538cb9e4d 100644
--- a/controllers/front/CategoryController.php
+++ b/controllers/front/CategoryController.php
@@ -28,6 +28,7 @@ class CategoryControllerCore extends FrontController
 {
 public $php_self = 'category';
 protected $category;
+ public $customer_access = true;
 /**
 * Set default medias for this controller
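Review bot: The `?`/`&` choice in the new block is keyed on PS_REWRITING_SETTINGS rather than on whether `$preview_url` already carries a query string, so a preview link can end up with a second `?` or a leading `&` whenever the URL built above (outside this hunk) does not match that assumption; `$preview_url .= (strpos($preview_url, '?') === false ? '?' : '&').$params;` is robust to both and also drops the now-redundant `$cms->active ? '' : $params`, which is always `$params` inside `if (!$cms->active)`. Separately, `http_build_query()` without an explicit separator uses the `arg_separator.output` ini value, which some hosts set to `&amp;`; pass it explicitly, `http_build_query(array(...), '', '&')`. The enclosing method starts before this hunk.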
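Review bot: `$customer_access` is added as an undocumented public property although it is a controller-internal flag, written by init() and read by initContent() in the hunks that follow; nothing in this hunk says what it gates. Declaring it `protected $customer_access = true;` with a comment such as `/** @var bool false when the current customer may not view this category; initContent() then skips the listing */` keeps it out of the public surface and states the contract where the next reader will look.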
@@ -52,6 +53,7 @@ class CategoryControllerCore extends FrontController
 public function canonicalRedirection($canonicalURL = '')
 {
+ return ;
 if (!Validate::isLoadedObject($this->category) || !$this->category->inShop() || !$this->category->isAssociatedToShop())
 {
 $this->redirect_after = '404';
@@ -76,14 +78,30 @@ class CategoryControllerCore extends FrontController
 $this->category = new Category($id_category, $this->context->language->id);
 parent::init();
-
+ //check if the category is active and return 404 error if is disable.
+ if (!$this->category->active)
+ {
+ header('HTTP/1.1 404 Not Found');
+ header('Status: 404 Not Found');
+ }
+ //check if category can be accessible by current customer and return 403 if not
 if (!$this->category->checkAccess($this->context->customer->id))
+ {
+ header('HTTP/1.1 403 Forbidden');
+ header('Status: 403 Forbidden');
 $this->errors[] = Tools::displayError('You do not have access to this category.');
+ $this->customer_access = false;
+ }
 }
-
+
 public function initContent()
 {
 parent::initContent();
+
+ $this->setTemplate(_PS_THEME_DIR_.'category.tpl');
+
+ if (!$this->customer_access)
+ return;
 if (isset($this->context->cookie->id_compare))
 $this->context->smarty->assign('compareProducts', CompareProduct::getCompareProducts((int)$this->context->cookie->id_compare));
@@ -111,9 +129,6 @@ class CategoryControllerCore extends FrontController
 'comparator_max_item' => (int)Configuration::get('PS_COMPARATOR_MAX_ITEM'),
 'suppliers' => Supplier::getSuppliers()
 ));
-
-
- $this->setTemplate(_PS_THEME_DIR_.'category.tpl');
 }
 /**
diff --git a/controllers/front/CmsController.php b/controllers/front/CmsController.php
index 8a040d93f..8137396c4 100644
--- a/controllers/front/CmsController.php
+++ b/controllers/front/CmsController.php
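Review bot: The bare `return ;` at the top of canonicalRedirection() makes the whole body below it unreachable, including the `redirect_after = '404'` path for a category that is not in the shop or not associated to it, and none of the checks added to init() in the next hunk cover those two conditions, so that gating appears to be lost rather than moved; the rest of the method is outside the hunk, so I cannot see what else becomes dead. If disabling canonical redirection for categories is intended, replace the body with an empty override plus a comment stating why, e.g. `// canonical redirection intentionally disabled for categories: <reason>`, and delete the dead code; if not, the early return should go.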
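Review bot: The inactive-category branch in init() sends 404 headers but lets execution continue, and the only thing that short-circuits initContent() is `customer_access`, which is set to false solely in the 403 branch; a disabled category is therefore answered with a 404 status while initContent() still runs the compare/supplier assignments and renders the category template. Setting `$this->customer_access = false;` in the 404 branch as well (or a separate flag if the template must distinguish the two cases) makes it behave like the forbidden case. Note also that raw `header()` calls are silently ignored once any output has started, and that `$this->errors[]` is populated only for the 403 case, so the 404 response carries no message for the visitor. init() begins before this hunk.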
@@ -51,16 +51,28 @@ class CmsControllerCore extends FrontController
 $this->cms = new CMS($id_cms, $this->context->language->id);
 else if ($id_cms_category = (int)Tools::getValue('id_cms_category'))
 $this->cms_category = new CMSCategory($id_cms_category, $this->context->language->id);
+ $this->canonicalRedirection();
- /* assignCase (1 = CMS page, 2 = CMS category) */
- if (Validate::isLoadedObject($this->cms)
- && ($this->cms->isAssociatedToShop() && $this->cms->active || (Tools::getValue('adtoken') == Tools::getAdminToken('AdminCmsContent'.(int)Tab::getIdFromClassName('AdminCmsContent').(int)Tools::getValue('id_employee')))))
- $this->assignCase = 1;
+ // assignCase (1 = CMS page, 2 = CMS category)
+ if (Validate::isLoadedObject($this->cms))
+ {
+ $adtoken = Tools::getAdminToken('AdminCmsContent'.(int)Tab::getIdFromClassName('AdminCmsContent').(int)Tools::getValue('id_employee'));
+ if (!$this->cms->isAssociatedToShop() || !$this->cms->active && Tools::getValue('adtoken') != $adtoken)
+ {
+ header('HTTP/1.1 404 Not Found');
+ header('Status: 404 Not Found');
+ }
+ else
+ $this->assignCase = 1;
+ }
 else if (Validate::isLoadedObject($this->cms_category))
 $this->assignCase = 2;
 else
- Tools::redirect('index.php?controller=404');
+ {
+ header('HTTP/1.1 404 Not Found');
+ header('Status: 404 Not Found');
+ }
 }
 public function setMedia()
@@ -87,7 +99,7 @@ class CmsControllerCore extends FrontController
 $this->context->smarty->assign('cgv_id', Configuration::get('PS_CONDITIONS_CMS_ID'));
 if (isset($this->cms->id_cms_category) && $this->cms->id_cms_category)
 $path = Tools::getFullPath($this->cms->id_cms_category, $this->cms->meta_title, 'CMS');
- else
+ else if (isset($this->cms_category->meta_title))
 $path = Tools::getFullPath(1, $this->cms_category->meta_title, 'CMS');
 if ($this->assignCase == 1)
 {
diff --git a/themes/default/cms.tpl b/themes/default/cms.tpl
index d4c04e2bb..b26a37b2c 100644
--- a/themes/default/cms.tpl
+++ b/themes/default/cms.tpl
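Review bot: The new adtoken check uses `!=`, a loose comparison: when both operands are numeric-looking strings PHP compares them as numbers, so distinct token strings can compare equal, and `Tools::getValue('adtoken')` is taken from the request. Use a strict comparison (and `hash_equals()` on PHP >= 5.6 for a constant-time check) and parenthesise the `&&` so the intended precedence is explicit: `if (!$this->cms->isAssociatedToShop() || (!$this->cms->active && Tools::getValue('adtoken') !== $adtoken))`. Note also that the rewritten condition changes the old rule, which admitted a valid adtoken even when the page was not associated to the shop; if that is intentional it deserves a line in the commit message. After the 404 headers `$this->assignCase` stays unset and execution continues, which relies on initContent() and the template handling the "neither" case — the cms.tpl hunk suggests that is the plan, but it is outside this hunk.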
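Review bot: With the `else` narrowed to `else if (isset($this->cms_category->meta_title))`, `$path` is no longer assigned when neither branch matches, and that state is now reachable because init() (previous hunk) sends a 404 and continues with neither `cms` nor `cms_category` loaded; any later use of `$path` in this method would then read an undefined variable, though that use is outside the hunk so I cannot confirm it. Initialise it before the chain, `$path = '';`, or guard the later use with `isset($path)`.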
@@ -67,6 +67,8 @@ {/if} {else} - {l s='This page does not exist.'} +
+ {l s='This page does not exist.'} +
{/if}
\ No newline at end of file