Browse Source

Ensure object/ds are accessible before verifying token. (#701)

pull/695/merge
Jordan Dukart 7 years ago committed by Diego Pino Navarro
parent
commit
124b39959f
  1. 4
      islandora.module

4
islandora.module

@ -881,7 +881,10 @@ function islandora_object_access_callback($perm, $object = NULL) {
function islandora_object_datastream_tokened_access_callback($perm, $object = NULL, $datastream = NULL) { function islandora_object_datastream_tokened_access_callback($perm, $object = NULL, $datastream = NULL) {
module_load_include('inc', 'islandora', 'includes/utilities'); module_load_include('inc', 'islandora', 'includes/utilities');
// Token validation requires a valid object and PID in order to make a
// potential match in the db.
$token_account = NULL; $token_account = NULL;
if (is_object($object) && is_object($datastream)) {
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING); $token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
if ($token) { if ($token) {
@ -890,6 +893,7 @@ function islandora_object_datastream_tokened_access_callback($perm, $object = NU
$token_account = user_load($user->uid); $token_account = user_load($user->uid);
} }
} }
}
return islandora_datastream_access($perm, $datastream, $token_account); return islandora_datastream_access($perm, $datastream, $token_account);
} }

Loading…
Cancel
Save