From 602230ec536551601292d7af4a8632bc2eec6966 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Fri, 8 Nov 2013 19:13:46 +0100
Subject: [PATCH] =?UTF-8?q?Fix=20issue=20#238:=20possibilit=C3=A9=20d'actu?= =?UTF-8?q?aliser=20avec=20token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
En précisant le token il est possible maintenant d'actualiser les flux sans avoir besoin de se connecter
---
 app/controllers/feedController.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/app/controllers/feedController.php b/app/controllers/feedController.php
index 0fd362065..31bade9f5 100755
--- a/app/controllers/feedController.php
+++ b/app/controllers/feedController.php
@@ -2,7 +2,14 @@
 class feedController extends ActionController {
 public function firstAction () {
- if (login_is_conf ($this->view->conf) && !is_logged ()) {
+ $token = $this->view->conf->token();
+ $token_param = Request::param ('token', '');
+ $token_is_ok = ($token != '' && $token == $token_param);
+ $action = Request::actionName ();
+
+ if (login_is_conf ($this->view->conf) &&
+ !is_logged () &&
+ !($token_is_ok && $action == 'actualize')) {
 Error::error (
 403,
 array ('error' => array (Translate::t ('access_denied')))
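Review bot: The new `$token_is_ok` line in firstAction compares the configured token with the request parameter using `==`, which type-juggles (two numeric-looking strings can compare equal) and is not constant-time, so the login bypass for `actualize` rests on a weaker check than it appears. I would require a string and compare strictly, e.g. `$token_is_ok = ($token !== '' && is_string ($token_param) && hash_equals ($token, $token_param));`, falling back to `===` if the supported PHP version has no `hash_equals`. Because the token travels as a request parameter it will presumably end up in web-server access logs, so a comment such as `// token only authorises the 'actualize' action; treat it as a secret and rotate it if a URL leaks` would help the next maintainer keep the exemption narrow. The body of firstAction continues past the end of this hunk, so whether other actions are reachable after this guard cannot be confirmed from here.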