From 20dbcc33e8bcf93513f6f9d070aec915dc982c82 Mon Sep 17 00:00:00 2001
From: Dan Poltawski <dan@moodle.com>
Date: Thu, 13 Jun 2013 12:00:43 +0800
Subject: [PATCH] MDL-33564 rss: on error return HTTP error status

Also remove an unecessary debugging notice.
---
 lib/upgrade.txt |  2 ++
 rss/file.php    | 23 +++++++++++++----------
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/lib/upgrade.txt b/lib/upgrade.txt
index 218c03b1933..d6591b9b026 100644
--- a/lib/upgrade.txt
+++ b/lib/upgrade.txt
@@ -126,6 +126,8 @@ information provided here is intended especially for developers.
     enrol_cohort_enrol_all_users()
     enrol_cohort_search_cohorts()
 * The never unused webdav_locks table was dropped.
+* rss_error() now supports returning of correct HTTP status of error and will return '404 Not Found'
+  unless other status is specified.
 
 === 2.9.1 ===
 
diff --git a/rss/file.php b/rss/file.php
index 65b2e1f1051..22628eb7e5a 100644
--- a/rss/file.php
+++ b/rss/file.php
@@ -39,7 +39,6 @@ require_once($CFG->libdir.'/rsslib.php');
 
 // RSS feeds must be enabled site-wide.
 if (empty($CFG->enablerssfeeds)) {
-    debugging('DISABLED (admin variables)');
     rss_error();
 }
 
@@ -86,14 +85,14 @@ if ($token === "$inttoken") {
 
     if (empty($context)) {
         // This shouldnt happen. something bad is going on.
-        rss_error('rsserror');
+        rss_error();
     }
 
     // Make sure that $CFG->siteguest is set.
     if (empty($CFG->siteguest)) {
         if (!$guestid = $DB->get_field('user', 'id', array('username' => 'guest', 'mnethostid' => $CFG->mnet_localhost_id))) {
             // Guest does not exist yet, weird.
-            rss_error('rsserror');
+            rss_error();
         }
         set_config('siteguest', $guestid);
     }
@@ -111,7 +110,7 @@ if ($token === "$inttoken") {
     // Authenticate the user from the token.
     $userid = rss_get_userid_from_token($token);
     if (!$userid) {
-        rss_error('rsserrorauth');
+        rss_error('rsserrorauth', 'rss.xml', 0, '403 Forbidden');
     }
 }
 
@@ -134,9 +133,9 @@ try {
     require_login($course, $autologinguest, $cm, $setwantsurltome, $preventredirect);
 } catch (Exception $e) {
     if (isguestuser()) {
-        rss_error('rsserrorguest');
+        rss_error('rsserrorguest', 'rss.xml', 0, '403 Forbidden');
     } else {
-        rss_error('rsserrorauth');
+        rss_error('rsserrorauth', 'rss.xml', 0, '403 Forbidden');
     }
 }
 
@@ -177,11 +176,15 @@ send_file($pathname, 'rss.xml', 3600);   // Cached by browsers for 1 hour.
  * @category rss
  *
  * @param string $error the error type, default is rsserror
- * @param string $filename the name of the file to create (NOT USED)
- * @param int $lifetime UNSURE (NOT USED)
+ * @param string $filename the name of the file to created
+ * @param int $unused
+ * @param $statuscode http 1.1 statuscode indicicating the error
  * @uses exit
  */
-function rss_error($error='rsserror', $filename='rss.xml', $lifetime=0) {
-    send_file(rss_geterrorxmlfile($error), $filename, $lifetime, false, true);
+function rss_error($error='rsserror', $filename='rss.xml', $unused=0, $statuscode='404 Not Found') {
+    header("HTTP/1.1 $statuscode");
+    header('Content-Disposition: inline; filename="'.$filename.'"');
+    header('Content-Type: application/xml');
+    echo rss_geterrorxmlfile($error);
     exit;
 }