Various improvements to site flow and provision of information, with particular emphasis on error pages, the login cycle and HTTP header information.
Check for access in this order:
- check if feature is enabled
- (if anonymous access is not permitted) check isset($user)
- check permissions
Rationale: No point in telling a user they aren't logged in, only to then tell them that the feature is disabled when they try again after they are logged in. isset($user) can be thought of as a generic permission - we check more generic (catch-all) permissions first, working towards the more specific ones for optimisation purposes.
$errortype - not set (default) or 404 for a "not found" error page
$errortitle - the title to use at the top of the error box in the centre column
$headtitle - (part of) the title to use in the browser's title bar.
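
The check order and the error page variables described above, as an added example that is not the project's own code. check_access(), $prefs, the 'showlogin' key, the feature and permission names and the sample data are hypothetical; $errortype is left unset because the page defines 404 only for "not found" pages.

```php
<?php
// Added example, not project code. check_access(), $prefs, 'showlogin' and
// the sample data are hypothetical; $user, $errortitle and $headtitle
// follow the names used on this page.

function check_access(array $prefs, ?array $user, string $feature,
                      string $permission, bool $allowAnonymous): ?array
{
    // 1. Feature switch. A missing preference counts as disabled (fail closed).
    if (empty($prefs[$feature])) {
        return ['errortitle' => 'Feature disabled',
                'headtitle'  => 'Error',
                'showlogin'  => false];
    }

    // 2. Generic check: is anyone logged in? Skipped for anonymous features.
    if (!$allowAnonymous && $user === null) {
        return ['errortitle' => 'Please log in',
                'headtitle'  => 'Login required',
                'showlogin'  => true];   // offer the login box, then retry
    }

    // 3. Specific permission. `??` keeps this safe when $user is null.
    if (!in_array($permission, $user['permissions'] ?? [], true)) {
        return ['errortitle' => 'Permission denied',
                'headtitle'  => 'Error',
                'showlogin'  => $user === null];
    }

    return null; // access granted
}

// Constructed sample data.
$prefs = ['feature_wiki' => true, 'feature_blogs' => false];
$alice = ['name' => 'alice', 'permissions' => ['view_wiki']];

$cases = [
    'disabled feature, anonymous' => [null,   'feature_blogs', 'view_blogs'],
    'enabled feature, anonymous'  => [null,   'feature_wiki',  'view_wiki'],
    'enabled, lacks permission'   => [$alice, 'feature_wiki',  'edit_wiki'],
    'enabled, has permission'     => [$alice, 'feature_wiki',  'view_wiki'],
];
foreach ($cases as $label => [$user, $feature, $perm]) {
    $error = check_access($prefs, $user, $feature, $perm, false);
    echo $label, ': ', $error === null ? 'granted' : $error['errortitle'], "\n";
}
```

The first case reports "Feature disabled" without asking for a login, which is the behaviour the rationale asks for.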
- provide alternative layouts for error pages, search pages (committed), modules and login pages
- check every use of location, referer and error.tpl
- provide login box redirection for !$user
- try harder to find the right document or part of site on invalid URL / HTTP 404
- no-cache for installer and other temporary pages
- 404 headers for installed
Feel free to add to this document, post comments or send me/us private messages.