From 34d4adf0c3a91b4f462b9d0a3db53c337f26609b Mon Sep 17 00:00:00 2001
From: Massimo Melina <a@rejetto.com>
Date: Wed, 13 May 2020 23:49:31 +0200
Subject: [PATCH] fix: login not working if root is protected

---
 default.tpl |  2 ++
 main.pas    | 13 ++++++-------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/default.tpl b/default.tpl
index f670f0e..d81e923 100644
--- a/default.tpl
+++ b/default.tpl
@@ -845,6 +845,8 @@ function selectionMask() {
 }//selectionMask
 
 function showLogin(options) {
+	if (!HFS.sid) // the session was just deleted
+		return location.reload() // but it's necessary for login
 	var d = dialog('\
 		<form style="line-height:1.9em">\
 			Username\
diff --git a/main.pas b/main.pas
index 02a4de0..15ee6f4 100644
--- a/main.pas
+++ b/main.pas
@@ -5060,7 +5060,7 @@ procedure Tmainfrm.httpEvent(event:ThttpEvent; conn:ThttpConn);
   procedure handleRequest();
   var
     dlForbiddenForWholeFolder, specialGrant: boolean;
-    urlCmd: string;
+    mode, urlCmd: string;
     acc: Paccount;
 
     function accessGranted(forceFile:Tfile=NIL):boolean;
@@ -5081,13 +5081,12 @@ procedure Tmainfrm.httpEvent(event:ThttpEvent; conn:ThttpConn);
     result:=f.accessFor(data);
     // ok, you are referring a section of the template, which virtually resides in the root because of the url starting with /~
     // but you don't have access rights to the root. We'll let you pass if it's actually a section and you are using it from a folder that you have access to.
-    if not result and (f = rootFile) and ansiStartsStr('~', urlCmd) and tpl.sectionExist(copy(urlCmd,2,MAXINT))
+    if not result and (f = rootFile)
+    and ((mode='section') or ansiStartsStr('~', urlCmd) and tpl.sectionExist(copy(urlCmd,2,MAXINT)))
     and (0 < reMatch(conn.getHeader('Referer'), '://([^@]*@)?'+getSafeHost(data)+'(/.*)', 'i', 1, @m)) then
       begin
-      fTemp:=findFileByUrl(m[2]);
-      result:=assigned(fTemp) and fTemp.accessFor(data);
-      specialGrant:=result;
-      freeIfTemp(Ftemp);
+      result:=TRUE;
+      specialGrant:=TRUE;
       end;
     if result then exit;
     conn.reply.realm:=f.getShownRealm();
@@ -5200,7 +5199,7 @@ procedure Tmainfrm.httpEvent(event:ThttpEvent; conn:ThttpConn);
 
   var
     b: boolean;
-    s, mode: string;
+    s: string;
     i: integer;
     section: PtplSection;
   begin