From 6f67c60627918b9ef956914c63cb7290b7e2de13 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Fri, 1 May 2020 20:10:52 +0200
Subject: [PATCH] login: status 403 for initial unauthorised redirects

Appropriate error code for original requests.
---
 login/index.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/login/index.php b/login/index.php
index 6783a47..897346d 100644
--- a/login/index.php
+++ b/login/index.php
@@ -38,6 +38,7 @@ elseif (isset($_GET['logout'])) {
 if (!$User or !$User->login) {
 	$Article->title = 'Inloggen';
 	if (isset($_REQUEST['goto'])) {
+		if (empty($message)) http_response_code(403);
 		$target = ltrim($_REQUEST['goto'], '/');
 		$target = new ArchiveArticle("$target.html");
 
-- 
2.30.0