
more secure, more documented tokens

pull/217/head
William Panting 12 years ago
parent
commit
b25d691d8d
  1. 9
      islandora.module

9
islandora.module

@ -536,7 +536,7 @@ function islandora_object_load($object_id) {
*/ */
function islandora_tokened_object_load($object_id, $map) { function islandora_tokened_object_load($object_id, $map) {
if (array_key_exists('token', $_GET)) { if (array_key_exists('token', $_GET)) {
$token = $_GET['token']; $token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
if ($token) { if ($token) {
module_load_include('inc', 'islandora', 'includes/islandora_authtokens'); module_load_include('inc', 'islandora', 'includes/islandora_authtokens');
$token_user = islandora_validate_object_token($object_id, $map[4], $token); $token_user = islandora_validate_object_token($object_id, $map[4], $token);
@ -550,7 +550,12 @@ function islandora_tokened_object_load($object_id, $map) {
* This datastream load must take in arguments in a different * This datastream load must take in arguments in a different
* order than the usual islandora_datastream_load. This is because * order than the usual islandora_datastream_load. This is because
* the function islandora_tokened_object_load needs DSID. It uses * the function islandora_tokened_object_load needs DSID. It uses
* the path %map to avoid duplicate parameters. * the path %map to avoid duplicate parameters. The menu system
* passes 'load arguments' to both islandora_tokened_object_load
* and this function and the first parameter is positional with the token.
* An alternative:
* islandora_tokened_object_load(PID, DSID, PID)
* islandora_tokened_datastream_load(DSID, DSID, PID)
* *
* @param mixed $datastream_id * @param mixed $datastream_id
* %islandora_tokened_datastream @see islandora_datastream_load * %islandora_tokened_datastream @see islandora_datastream_load
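Review bot: In islandora_tokened_object_load, `FILTER_SANITIZE_STRING` rewrites the token (it strips tags and encodes quotes) instead of rejecting a malformed one, so a credential is silently altered before validation rather than checked; the constant is also deprecated as of PHP 8.1. Since the token is an authentication value, it would be safer to accept only the exact shape the islandora_authtokens include issues and fail closed otherwise, for example `$token = filter_input(INPUT_GET, 'token', FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^<EXPECTED_TOKEN_FORMAT>$/')));` with the placeholder replaced by the real format, which is not visible on this page. The surrounding `array_key_exists('token', $_GET)` guard is now redundant, because filter_input() returns NULL for an absent parameter, and it reads a different source than filter_input() if `$_GET` has been modified at runtime. How islandora_validate_object_token compares and looks up the token is outside this hunk, as is the rest of the function body, so that side should be checked separately.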
