author | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-03-14 15:20:41 +0000 |
---|---|---|
committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-03-14 15:20:41 +0000 |
commit | a70522881e3b32483a1d0905683c1537c80b1e8d (patch) | |
tree | ab180d7bf7f3b1d38d3ef8168cb6f89b0d7368e5 /includes/menu.inc | |
parent | fe19714805e12e78aa59fe59c484a0a2019cd7c1 (diff) | |
- #53857: External URL support for menus broken by SA-2006-001
Diffstat (limited to 'includes/menu.inc')
-rw-r--r-- | includes/menu.inc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/includes/menu.inc b/includes/menu.inc
index 4f43f0afa..69fa748fa 100644
--- a/includes/menu.inc
+++ b/includes/menu.inc
@@ -1125,7 +1125,10 @@ function _menu_item_is_accessible($mid) {
 $path = substr($path, 0, strrpos($path, '/'));
 }
 if (empty($path)) {
- return FALSE;
+ // Items without any access attribute up the chain are denied, unless they
+ // were created by the admin. They most likely point to non-Drupal directories
+ // or to an external URL and should be allowed.
+ return $menu['items'][$mid]['type'] & MENU_CREATED_BY_ADMIN;
 }
 return $menu['items'][$menu['path index'][$path]]['access'];
 } |
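Review bot: The new fail-open branch in `_menu_item_is_accessible()` grants access on the `MENU_CREATED_BY_ADMIN` flag alone, while the added comment only says such items "most likely" point outside Drupal; nothing in the hunk checks that the item's path is actually external. If an admin-created item can carry an internal path for which no ancestor supplies an access attribute, this branch would expose it to every user, which matters because the denial being relaxed was introduced by a security advisory. Consider narrowing the exception to paths that are verifiably external, or state in the comment why an internal path cannot reach this branch. Separately, the branch now returns the masked integer instead of a boolean; `return (bool) ($menu['items'][$mid]['type'] & MENU_CREATED_BY_ADMIN);` keeps the return type consistent with the `FALSE` it replaces. The function body starts above the hunk, so the earlier lookups that lead here are not visible.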