From 872dc79dbd8b04424520e32675a6e0dcb6ed44bc Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Wed, 25 May 2016 21:28:33 -0400
Subject: Do not execute controller if the response is already sent
---
 app/Core/Controller/Runner.php | 5 ++++-
 app/Core/Http/Response.php | 14 ++++++++++++++
 app/Middleware/BootstrapMiddleware.php | 2 +-
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/app/Core/Controller/Runner.php b/app/Core/Controller/Runner.php
index b973c098..8353cf69 100644
--- a/app/Core/Controller/Runner.php
+++ b/app/Core/Controller/Runner.php
@@ -26,7 +26,10 @@ class Runner extends Base
 {
 try {
 $this->executeMiddleware();
- $this->executeController();
+
+ if (!$this->response->isResponseAlreadySent()) {
+ $this->executeController();
+ }
 } catch (PageNotFoundException $e) {
 $controllerObject = new AppController($this->container);
 $controllerObject->notFound($e->hasLayout());
diff --git a/app/Core/Http/Response.php b/app/Core/Http/Response.php
index 1c5310d0..0f16fb65 100644
--- a/app/Core/Http/Response.php
+++ b/app/Core/Http/Response.php
@@ -16,6 +16,18 @@ class Response extends Base
 private $httpStatusCode = 200;
 private $httpHeaders = array();
 private $httpBody = '';
+ private $responseSent = false;
+
+ /**
+ * Return true if the response have been sent to the user agent
+ *
+ * @access public
+ * @return bool
+ */
+ public function isResponseAlreadySent()
+ {
+ return $this->responseSent;
+ }
 /**
 * Set HTTP status code
@@ -187,6 +199,8 @@ class Response extends Base
 */
 public function send()
 {
+ $this->responseSent = true;
+
 if ($this->httpStatusCode !== 200) {
 header('Status: '.$this->httpStatusCode);
 header($this->request->getServerVariable('SERVER_PROTOCOL').' '.$this->httpStatusCode);
diff --git a/app/Middleware/BootstrapMiddleware.php b/app/Middleware/BootstrapMiddleware.php
index c9de1de9..727f600c 100644
--- a/app/Middleware/BootstrapMiddleware.php
+++ b/app/Middleware/BootstrapMiddleware.php
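Review bot: The guard added before `executeController()` in app/Core/Controller/Runner.php only helps when a middleware ended the request through `Response::send()`, and nothing at the call site says so. A middleware that refuses a request some other way (none is visible in this patch) would still fall through to the controller, so the contract deserves a comment above the `if`, for example `// A middleware that has already answered (redirect, access denied) must stop the controller action from running.` The `catch (PageNotFoundException $e)` branch below still calls `notFound()` without consulting the flag, which looks harmless only as long as no middleware sends a response and then throws. The enclosing method starts and ends outside the hunk.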
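Review bot: The docblock on `isResponseAlreadySent()` in app/Core/Http/Response.php does not say what sets the flag, and the new `$responseSent` property has no comment at all. Judging by the later hunk in the same file only `send()` sets it, so I would word the summary as `Return true once send() has been called on this response object` and put `// Set by send(); read by the controller runner to skip the action` above the property. The rewording also removes the "have been sent" grammar slip.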
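Review bot: `$this->responseSent = true;` at the top of `send()` in app/Core/Http/Response.php marks the response as sent before any header or body has been emitted, and nothing in this patch resets it. That ordering is the safe one for the Runner guard, since a failure part-way through sending still keeps the controller from running, but it is implicit. A one-line comment such as `// Mark first: the controller must not run even if sending fails part-way` would keep a later refactor from moving the assignment to the end of the method. `send()` continues past the end of this hunk, so whether it can return early is not visible here.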
@@ -33,7 +33,7 @@ class BootstrapMiddleware extends BaseMiddleware
 $this->response->withContentSecurityPolicy($this->container['cspRules']);
 $this->response->withSecurityHeaders();
- if (ENABLE_XFRAME && $this->router->getAction() !== 'readonly') {
+ if (ENABLE_XFRAME) {
 $this->response->withXframe();
 }
-- 
cgit v1.2.3
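Review bot: Dropping `$this->router->getAction() !== 'readonly'` changes behaviour that the commit subject does not mention: with `ENABLE_XFRAME` on, `withXframe()` is now applied to the `readonly` action as well. That is the stricter setting against framing, but pages served by that action that were embedded in a frame elsewhere would presumably stop rendering there. If the change is intended, say so in the commit message and beside the condition, e.g. `// Sent for every action, including read-only views`. The enclosing method starts and ends outside the hunk.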