-rw-r--r--plugins/context_reaction_block.inc7
-rw-r--r--plugins/context_reaction_block.js5
-rw-r--r--theme/context_reaction_block.theme.inc5
3 files changed, 16 insertions, 1 deletions
diff --git a/plugins/context_reaction_block.inc b/plugins/context_reaction_block.inc
index ad3236e..6293210 100644
--- a/plugins/context_reaction_block.inc
+++ b/plugins/context_reaction_block.inc
@@ -561,7 +561,7 @@ class context_reaction_block extends context_reaction {
}
foreach ($headers as $header) {
- if ($header == "HTTP/1.1 404 Not Found" || $header == "HTTP/1.1 403 Forbidden") {
+ if (strpos($header, "404 Not Found") !== FALSE || strpos($header, "403 Forbidden") !== FALSE) {
return;
}
}
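Review bot: The new `strpos()` test on the changed `if` line matches the reason phrase anywhere in the header string, so it depends on the exact wording "Not Found" / "Forbidden" rather than on the status code. Assuming `$headers` holds raw header lines (its construction is outside the hunk), anchoring on the code is more robust, e.g. `if (preg_match('/^(HTTP\/\d\.\d|Status:)\s*40[34]\b/i', $header)) {`. A short comment saying why a 403/404 response skips block rendering would also help. The enclosing method starts and ends outside the hunk.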
@@ -572,6 +572,11 @@ class context_reaction_block extends context_reaction {
if (strpos($param, ',') !== FALSE) {
list($bid, $context) = explode(',', $param);
list($module, $delta) = explode('-', $bid, 2);
+ // Check token to make sure user has access to block.
+ if (empty($_GET['context_token']) || $_GET['context_token'] != drupal_get_token($bid)) {
+ echo drupal_to_js(array('status' => 0));
+ exit;
+ }
// Ensure $bid is valid.
$info = $this->get_blocks();
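Review bot: The added token check compares with loose `!=`, which on hex-digest strings lets PHP treat two numeric-looking values as equal. The core helper already wraps this comparison, and the `empty()` guard can also require a string: `if (empty($_GET['context_token']) || !is_string($_GET['context_token']) || !drupal_valid_token($_GET['context_token'], $bid)) {`. The comment overstates what is verified, since the token only proves the request comes from the session that was issued it for this `$bid`; I would reword it to `// Reject the request unless it carries the per-block token issued to this session.` Whether the user may actually view the block still has to be decided by the validity check that follows. The enclosing method starts and ends outside the hunk.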
diff --git a/plugins/context_reaction_block.js b/plugins/context_reaction_block.js
index 67e2031..8a937e2 100644
--- a/plugins/context_reaction_block.js
+++ b/plugins/context_reaction_block.js
@@ -242,6 +242,11 @@ DrupalContextBlockEditor.prototype.addBlock = function(event, ui, editor, contex
// Construct query params for our AJAX block request.
var params = Drupal.settings.contextBlockEditor.params;
params.context_block = bid + ',' + context;
+ if (!Drupal.settings.contextBlockEditor.block_tokens || !Drupal.settings.contextBlockEditor.block_tokens[bid]) {
+ alert(Drupal.t('An error occurred trying to retrieve block content. Please contact a site administer.'));
+ return;
+ }
+ params.context_token = Drupal.settings.contextBlockEditor.block_tokens[bid];
// Replace item with loading block.
var blockLoading = $('<div class="context-block-item context-block-loading"><span class="icon"></span></div>');
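Review bot: The user-facing string in the added `alert()` has a typo, "site administer" should be "site administrator", and because it goes through `Drupal.t()` the misspelled text becomes the translation source string, so it is cheaper to fix now. The same settings path is also looked up three times; a local such as `var tokens = Drupal.settings.contextBlockEditor.block_tokens;` followed by `if (!tokens || !tokens[bid]) {` and `params.context_token = tokens[bid];` reads more clearly. Note that `params` is the shared settings object rather than a copy (see the context line above), so `context_token` stays on it between calls; it is overwritten each time here, but a comment saying so would prevent surprises. The body of `addBlock` continues outside the hunk.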
diff --git a/theme/context_reaction_block.theme.inc b/theme/context_reaction_block.theme.inc
index 85992ec..b5c2813 100644
--- a/theme/context_reaction_block.theme.inc
+++ b/theme/context_reaction_block.theme.inc
@@ -91,8 +91,13 @@ function template_preprocess_context_block_browser(&$vars) {
* Preprocessor for theme('context_block_browser_item').
*/
function template_preprocess_context_block_browser_item(&$vars) {
+ static $added = array();
$vars['bid'] = $vars['block']->bid;
$vars['info'] = check_plain($vars['block']->info);
+ if (empty($added[$vars['bid']])) {
+ drupal_add_js(array('contextBlockEditor' => array('block_tokens' => array($vars['bid'] => drupal_get_token($vars['bid'])))), 'setting');
+ $added[$vars['bid']] = TRUE;
+ }
}
/**
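Review bot: The `static $added` guard in `template_preprocess_context_block_browser_item()` has no comment explaining why it is needed. Presumably it is there because settings passed to `drupal_add_js()` are merged recursively, so adding the same `bid` twice would turn the token into an array and break the lookup on the JS side; I would add `// Add each block's token only once; repeated 'setting' entries for the same key are merged into an array.` above the `if`. Since the server now treats possession of this token as the gate for the AJAX block request, it is also worth confirming that this preprocessor only runs on pages rendered for users allowed to use the block editor; that is not visible from this hunk.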