diff options
author | David Rothstein <drothstein@gmail.com> | 2013-01-16 16:56:53 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2013-01-16 16:56:53 -0500 |
commit | ca55fc249ca2edba301ba426579376c94f4258f4 (patch) | |
tree | f1a695a5c37e85f4d186e60bcb070f1636233f88 /modules/book/book.pages.inc | |
parent | a03edeb357816e1fa68586e1fef5be0d8f5257c3 (diff) | |
parent | 1d4604da252f0e6e19339957ec214388f61b908d (diff) | |
download | brdo-ca55fc249ca2edba301ba426579376c94f4258f4.tar.gz brdo-ca55fc249ca2edba301ba426579376c94f4258f4.tar.bz2 |
Merge branch '7.18-security' into 7.x
Diffstat (limited to 'modules/book/book.pages.inc')
-rw-r--r-- | modules/book/book.pages.inc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/modules/book/book.pages.inc b/modules/book/book.pages.inc index 19f61158c..e5a04c5a2 100644 --- a/modules/book/book.pages.inc +++ b/modules/book/book.pages.inc @@ -45,6 +45,15 @@ function book_render() { * @see book_menu() */ function book_export($type, $nid) { + // Check that the node exists and that the current user has access to it. + $node = node_load($nid); + if (!$node) { + return MENU_NOT_FOUND; + } + if (!node_access('view', $node)) { + return MENU_ACCESS_DENIED; + } + $type = drupal_strtolower($type); $export_function = 'book_export_' . $type; |