author | webchick <webchick@24967.no-reply.drupal.org> | 2012-02-01 13:46:20 -0800 |
---|---|---|
committer | webchick <webchick@24967.no-reply.drupal.org> | 2012-02-01 13:46:20 -0800 |
commit | 7bb06635ee0fbb36d5e4b24368e8224976dba852 (patch) | |
tree | 0fc7622ac7fcb96a18eb8edae2d09d8e28d6a407 /modules/aggregator | |
parent | 52ffc1eae3f2bdd44a508139b483f01098cb945e (diff) | |
parent | 40093b2fa7dde4a5f3c6806aad91b9302c232903 (diff) | |
Drupal 7.12
Diffstat (limited to 'modules/aggregator')
-rw-r--r-- | modules/aggregator/aggregator.admin.inc | 5 | ||||
-rw-r--r-- | modules/aggregator/aggregator.test | 13 |
2 files changed, 12 insertions, 6 deletions
diff --git a/modules/aggregator/aggregator.admin.inc b/modules/aggregator/aggregator.admin.inc
index 91bc75f34..9f92a6705 100644
--- a/modules/aggregator/aggregator.admin.inc
+++ b/modules/aggregator/aggregator.admin.inc
@@ -33,7 +33,7 @@ function aggregator_view() {
 ($feed->checked && $feed->refresh ? t('%time left', array('%time' => format_interval($feed->checked + $feed->refresh - REQUEST_TIME))) : t('never')),
 l(t('edit'), "admin/config/services/aggregator/edit/feed/$feed->fid"),
 l(t('remove items'), "admin/config/services/aggregator/remove/$feed->fid"),
- l(t('update items'), "admin/config/services/aggregator/update/$feed->fid"),
+ l(t('update items'), "admin/config/services/aggregator/update/$feed->fid", array('query' => array('token' => drupal_get_token("aggregator/update/$feed->fid")))),
 );
 }
 $output .= theme('table', array('header' => $header, 'rows' => $rows, 'empty' => t('No feeds available. <a href="@link">Add feed</a>.', array('@link' => url('admin/config/services/aggregator/add/feed')))));
@@ -404,6 +404,9 @@ function _aggregator_parse_opml($opml) {
 * An object describing the feed to be refreshed.
 */
 function aggregator_admin_refresh_feed($feed) {
+ if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'aggregator/update/' . $feed->fid)) {
+ return MENU_ACCESS_DENIED;
+ }
 aggregator_refresh($feed);
 drupal_goto('admin/config/services/aggregator');
 }
diff --git a/modules/aggregator/aggregator.test b/modules/aggregator/aggregator.test
index b224b7938..5609d68ae 100644
--- a/modules/aggregator/aggregator.test
+++ b/modules/aggregator/aggregator.test
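Review bot: The token value `"aggregator/update/$feed->fid"` in the added `l()` call of aggregator_view() is spelled out a second time in aggregator_admin_refresh_feed() (the -404 hunk), with nothing tying the two together. The strings must stay identical, otherwise every 'update items' link is refused; a comment at the link such as `// Token value must match the check in aggregator_admin_refresh_feed().` would make the coupling visible. The token also travels in the query string of a GET link, so it lands in browser history and server access logs. As far as I know drupal_get_token() binds it to the session rather than making it single-use, which matters if this pattern is reused for more destructive callbacks. aggregator_view() starts and ends outside the hunk.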
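Review bot: The docblock above aggregator_admin_refresh_feed() still documents only `$feed`, although the callback now needs a `token` query parameter and can return MENU_ACCESS_DENIED instead of redirecting. I would add a `@return` entry along the lines of `MENU_ACCESS_DENIED if the 'token' query parameter is missing or does not validate; otherwise redirects to the feed overview.` and one sentence saying the token guards the GET-triggered refresh against cross-site request forgery. The docblock begins outside the hunk, so whether it already carries a summary line cannot be seen here.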
@@ -92,8 +92,13 @@ class AggregatorTestCase extends DrupalWebTestCase { $this->drupalGet($feed->url); $this->assertResponse(200, t('!url is reachable.', array('!url' => $feed->url))); - // Refresh the feed (simulated link click). + // Attempt to access the update link directly without an access token. $this->drupalGet('admin/config/services/aggregator/update/' . $feed->fid); + $this->assertResponse(403); + + // Refresh the feed (simulated link click). + $this->drupalGet('admin/config/services/aggregator'); + $this->clickLink('update items'); // Ensure we have the right number of items. $result = db_query('SELECT iid FROM {aggregator_item} WHERE fid = :fid', array(':fid' => $feed->fid)); @@ -498,8 +503,8 @@ class UpdateFeedItemTestCase extends AggregatorTestCase { $this->assertRaw(t('The feed %name has been added.', array('%name' => $edit['title'])), t('The feed !name has been added.', array('!name' => $edit['title']))); $feed = db_query("SELECT * FROM {aggregator_feed} WHERE url = :url", array(':url' => $edit['url']))->fetchObject(); - $this->drupalGet('admin/config/services/aggregator/update/' . $feed->fid); + aggregator_refresh($feed); $before = db_query('SELECT timestamp FROM {aggregator_item} WHERE fid = :fid', array(':fid' => $feed->fid))->fetchField(); // Sleep for 3 second. @@ -513,10 +518,9 @@ class UpdateFeedItemTestCase extends AggregatorTestCase { 'modified' => 0, )) ->execute(); - $this->drupalGet('admin/config/services/aggregator/update/' . $feed->fid); + aggregator_refresh($feed); $after = db_query('SELECT timestamp FROM {aggregator_item} WHERE fid = :fid', array(':fid' => $feed->fid))->fetchField(); - $this->assertTrue($before === $after, t('Publish timestamp of feed item was not updated (!before === !after)', array('!before' => $before, '!after' => $after))); } } 
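Review bot: The new negative test in the -92 hunk covers only a request with no token at all. A request carrying a wrong token goes through the `drupal_valid_token()` half of the check, which the test never exercises. Adding `$this->drupalGet('admin/config/services/aggregator/update/' . $feed->fid, array('query' => array('token' => 'invalid')));` followed by `$this->assertResponse(403);` would pin that branch too. The other assertions in this method pass a `t()` message, so `assertResponse(403)` could take one as well for consistency. The enclosing test method starts and ends outside the hunk.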
@@ -916,4 +920,3 @@ class FeedParserTestCase extends AggregatorTestCase { $this->assertEqual('urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a', db_query('SELECT guid FROM {aggregator_item} WHERE link = :link', array(':link' => 'http://example.org/2003/12/13/atom03'))->fetchField(), 'Atom entry id element is parsed correctly.'); } } - |