Browse Source

Ensure object/ds are accessible before verifying token. (#701)

pull/695/merge
Jordan Dukart 7 years ago committed by Diego Pino Navarro
parent
commit
124b39959f
  1. 14
      islandora.module

14
islandora.module

@ -881,13 +881,17 @@ function islandora_object_access_callback($perm, $object = NULL) {
function islandora_object_datastream_tokened_access_callback($perm, $object = NULL, $datastream = NULL) { function islandora_object_datastream_tokened_access_callback($perm, $object = NULL, $datastream = NULL) {
module_load_include('inc', 'islandora', 'includes/utilities'); module_load_include('inc', 'islandora', 'includes/utilities');
// Token validation requires a valid object and PID in order to make a
// potential match in the db.
$token_account = NULL; $token_account = NULL;
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING); if (is_object($object) && is_object($datastream)) {
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
if ($token) { if ($token) {
$user = islandora_validate_object_token($object->id, $datastream->id, $token); $user = islandora_validate_object_token($object->id, $datastream->id, $token);
if ($user) { if ($user) {
$token_account = user_load($user->uid); $token_account = user_load($user->uid);
}
} }
} }

Loading…
Cancel
Save