diff options
author | Dries Buytaert <dries@buytaert.net> | 2009-12-17 13:10:19 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-12-17 13:10:19 +0000 |
commit | f3710830c4ce624f2212b19228859d091e6c7ad6 (patch) | |
tree | 25683c69715a00100a4a9f8fd89ad97fce85565f | |
parent | caa214f17c5a9d441e6a2ac0ec129c0d6068b2cb (diff) | |
download | brdo-f3710830c4ce624f2212b19228859d091e6c7ad6.tar.gz brdo-f3710830c4ce624f2212b19228859d091e6c7ad6.tar.bz2 |
- Patch #190867 by chx: fixed access to creating path aliases.
-rw-r--r-- | includes/menu.inc | 35 | ||||
-rw-r--r-- | includes/path.inc | 36 | ||||
-rw-r--r-- | modules/menu/menu.admin.inc | 2 | ||||
-rw-r--r-- | modules/path/path.admin.inc | 3 | ||||
-rw-r--r-- | modules/system/system.admin.inc | 3 |
5 files changed, 40 insertions, 39 deletions
diff --git a/includes/menu.inc b/includes/menu.inc index 7b79f5a5f..5c3592042 100644 --- a/includes/menu.inc +++ b/includes/menu.inc @@ -430,7 +430,7 @@ function menu_get_item($path = NULL, $router_item = NULL) { /** * Execute the page callback associated with the current path. - * + * * @param $path * The drupal path whose handler is to be be executed. If set to NULL, then * the current path is used. @@ -3315,38 +3315,5 @@ function _menu_site_is_offline($check_only = FALSE) { } /** - * Validates the path of a menu link being created or edited. - * - * @return - * TRUE if it is a valid path AND the current user has access permission, - * FALSE otherwise. - */ -function menu_valid_path($form_item) { - global $menu_admin; - $item = array(); - $path = $form_item['link_path']; - // We indicate that a menu administrator is running the menu access check. - $menu_admin = TRUE; - if ($path == '<front>' || url_is_external($path)) { - $item = array('access' => TRUE); - } - elseif (preg_match('/\/\%/', $path)) { - // Path is dynamic (ie 'user/%'), so check directly against menu_router table. - if ($item = db_query("SELECT * FROM {menu_router} where path = :path", array(':path' => $path))->fetchAssoc()) { - $item['link_path'] = $form_item['link_path']; - $item['link_title'] = $form_item['link_title']; - $item['external'] = FALSE; - $item['options'] = ''; - _menu_link_translate($item); - } - } - else { - $item = menu_get_item($path); - } - $menu_admin = FALSE; - return $item && $item['access']; -} - -/** * @} End of "defgroup menu". */ diff --git a/includes/path.inc b/includes/path.inc index 7d9fc1631..c83a0eec8 100644 --- a/includes/path.inc +++ b/includes/path.inc @@ -547,3 +547,39 @@ function path_get_admin_paths() { } return $patterns; } + +/** + * Checks a path exists and the current user has access to it. + * + * @param $path + * The path to check. + * @param $dynamic_allowed + * Whether paths with menu wildcards (like user/%) should be allowed. + * + * @return + * TRUE if it is a valid path AND the current user has access permission, + * FALSE otherwise. + */ +function drupal_valid_path($path, $dynamic_allowed = FALSE) { + global $menu_admin; + // We indicate that a menu administrator is running the menu access check. + $menu_admin = TRUE; + if ($path == '<front>' || url_is_external($path)) { + $item = array('access' => TRUE); + } + elseif ($dynamic_allowed && preg_match('/\/\%/', $path)) { + // Path is dynamic (ie 'user/%'), so check directly against menu_router table. + if ($item = db_query("SELECT * FROM {menu_router} where path = :path", array(':path' => $path))->fetchAssoc()) { + $item['link_path'] = $form_item['link_path']; + $item['link_title'] = $form_item['link_title']; + $item['external'] = FALSE; + $item['options'] = ''; + _menu_link_translate($item); + } + } + else { + $item = menu_get_item($path); + } + $menu_admin = FALSE; + return $item && $item['access']; +} diff --git a/modules/menu/menu.admin.inc b/modules/menu/menu.admin.inc index 5522e5f93..2eb644f23 100644 --- a/modules/menu/menu.admin.inc +++ b/modules/menu/menu.admin.inc @@ -363,7 +363,7 @@ function menu_edit_item_validate($form, &$form_state) { $item['link_path'] = $parsed_link['path']; } } - if (!trim($item['link_path']) || !menu_valid_path($item)) { + if (!trim($item['link_path']) || !drupal_valid_path($item['link_path'], TRUE)) { form_set_error('link_path', t("The path '@link_path' is either invalid or you do not have access to it.", array('@link_path' => $item['link_path']))); } } diff --git a/modules/path/path.admin.inc b/modules/path/path.admin.inc index 94fbf5d4c..ba7586cd1 100644 --- a/modules/path/path.admin.inc +++ b/modules/path/path.admin.inc @@ -163,8 +163,7 @@ function path_admin_form_validate($form, &$form_state) { if ($has_alias) { form_set_error('alias', t('The alias %alias is already in use in this language.', array('%alias' => $alias))); } - $item = menu_get_item($source); - if (!$item || !$item['access']) { + if (!drupal_valid_path($source)) { form_set_error('source', t("The path '@link_path' is either invalid or you do not have access to it.", array('@link_path' => $source))); } } diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc index 1d326da95..3073f62e2 100644 --- a/modules/system/system.admin.inc +++ b/modules/system/system.admin.inc @@ -1483,8 +1483,7 @@ function system_site_information_settings_validate($form, &$form_state) { // Get the normal path of the front page. form_set_value($form['site_frontpage'], drupal_get_normal_path($form_state['values']['site_frontpage']), $form_state); // Validate front page path. - $item = array('link_path' => $form_state['values']['site_frontpage']); - if (!menu_valid_path($item)) { + if (!drupal_valid_path($form_state['values']['site_frontpage'])) { form_set_error('site_frontpage', t("The path '@path' is either invalid or you do not have access to it.", array('@path' => $item['link_path']))); } } |