Merge branch '7.18-security' into 7.x

author: David Rothstein <drothstein@gmail.com> 2013-01-16 16:56:53 -0500
committer: David Rothstein <drothstein@gmail.com> 2013-01-16 16:56:53 -0500
commit: ca55fc249ca2edba301ba426579376c94f4258f4 (patch)
tree: f1a695a5c37e85f4d186e60bcb070f1636233f88 /modules/book/book.pages.inc
parent: a03edeb357816e1fa68586e1fef5be0d8f5257c3 (diff)
parent: 1d4604da252f0e6e19339957ec214388f61b908d (diff)
download: brdo-ca55fc249ca2edba301ba426579376c94f4258f4.tar.gz
brdo-ca55fc249ca2edba301ba426579376c94f4258f4.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/modules/book/book.pages.inc b/modules/book/book.pages.inc
index 19f61158c..e5a04c5a2 100644
--- a/modules/book/book.pages.inc
+++ b/modules/book/book.pages.inc
@@ -45,6 +45,15 @@ function book_render() {
  * @see book_menu()
  */
 function book_export($type, $nid) {
+  // Check that the node exists and that the current user has access to it.
+  $node = node_load($nid);
+  if (!$node) {
+    return MENU_NOT_FOUND;
+  }
+  if (!node_access('view', $node)) {
+    return MENU_ACCESS_DENIED;
+  }
+
   $type = drupal_strtolower($type);
 
   $export_function = 'book_export_' . $type;
author	David Rothstein <drothstein@gmail.com>	2013-01-16 16:56:53 -0500
committer	David Rothstein <drothstein@gmail.com>	2013-01-16 16:56:53 -0500
commit	ca55fc249ca2edba301ba426579376c94f4258f4 (patch)
tree	f1a695a5c37e85f4d186e60bcb070f1636233f88 /modules/book/book.pages.inc
parent	a03edeb357816e1fa68586e1fef5be0d8f5257c3 (diff)
parent	1d4604da252f0e6e19339957ec214388f61b908d (diff)
download	brdo-ca55fc249ca2edba301ba426579376c94f4258f4.tar.gz brdo-ca55fc249ca2edba301ba426579376c94f4258f4.tar.bz2