authormr.baileys2012-04-18 14:23:27 (GMT)
committer Pedro Cambra2012-04-18 14:23:27 (GMT)
commitbf060ab23818acc72701e59278bbcafe31ec1e95 (patch)
tree5fcaf4464cb5f088e9051caa1114371f16a87811
parentd3a40322185113765aa732b7977ba733983abdbe (diff)
Fix security issue 7.x-1.1 7.x-1.x
-rw-r--r--commerce_reorder.module26
1 files changed, 17 insertions, 9 deletions
diff --git a/commerce_reorder.module b/commerce_reorder.module
index 628fc61..5e6f72a 100644
--- a/commerce_reorder.module
+++ b/commerce_reorder.module
@@ -16,7 +16,6 @@ function commerce_reorder_menu() {
'title' => 'Reorder',
'page callback' => 'commerce_reorder_reorder_tab',
'page arguments' => array(3),
- // 'access arguments' => array('view', 3),
'access arguments' => array('commerce_reorder_access'),
'type' => MENU_LOCAL_TASK,
'weight' => 15,
@@ -49,18 +48,27 @@ function commerce_reorder_views_api() {
}
/**
+ * Dynamically add a CSRF-protection token to the reorder-links usin a
+ * preprocess function.
+ *
+ * @see http://drupal.org/node/755584 for a reference to CSRF tokens for menus.
+ */
+function commerce_reorder_preprocess_link(&$variables) {
+ $path = explode('/', $variables['path']);
+ if (strpos($variables['path'], 'admin/commerce/orders/') === 0 && array_pop($path) == 'reorder') {
+ $variables['options']['query']['token'] = drupal_get_token('commerce_reorder:' . $path[3]);
+ }
+}
+
+/**
* Perform the reorder action for the operations menu
* */
function commerce_reorder_reorder_tab($order) {
- global $user;
-
- // Check permission - user can only reorder an order they have permission to view.
- if (!commerce_order_access('view', $order, $user)) {
- drupal_access_denied();
- return;
+ if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'commerce_reorder:' . $order->order_id) || !commerce_order_access('view', $order)) {
+ return MENU_ACCESS_DENIED;
}
-
- commerce_reorder_helper($order, $user);
+
+ commerce_reorder_helper($order);
drupal_set_message(t('Order copied to your cart.'));
// Redirect to the checkout with the new cart.