function autosave_restore_access in Autosave 7.2

Access callback for the form restore menu callback.

For security reasons, we need to confirm that the user would have access to the page where the form lives in the first place. If they don't, they should not be able to access its saved version. We also check that the form's token is correct to avoid CSRF attacks.

Parameters

string $form_id: The form_id of the form to reload.

int $timestamp: The timestamp at which the autosaved form was saved. This is used to differentiate between different people mucking with the same form.

string $form_token: The form token used for CSRF prevention.

Return value

boolean True if the user should have restore access to this form, false otherwise.

1 string reference to 'autosave_restore_access'
autosave_menu in ./autosave.module
Implements hook_menu().

File

./autosave.module, line 373
Does background saves of the node being edited.

Code

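function autosave_restore_access($form_id, $timestamp, $form_token) {
  // Look up the autosaved form for the current user.
  $record = autosave_get_autosaved_form($form_id, $timestamp, $GLOBALS['user']->uid);
  if (isset($record->path)) {
    // The user must have access to the page where the form lives.
    $menu_item = autosave_menu_get_item($record->path);
    // The token must be valid for this form_id (CSRF protection).
    $token = drupal_valid_token($form_token, $form_id);
    $menu = isset($menu_item['access']) ? $menu_item['access'] : FALSE;
    return $token && $menu;
  }
  // No matching autosaved form: deny, as the documented return value states.
  return FALSE;
}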
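
The two conditions described above (access to the page where the form lives, and a valid form token), as an added stand-alone PHP example that is not Autosave's or Drupal's own code. The `model_*` functions, the HMAC-based token model and the sample data are assumptions constructed for illustration.

```php
<?php
// Added example. All model_* names and sample values are hypothetical and constructed;
// they are not Drupal or Autosave APIs.

// Assumed token model: HMAC of the form_id keyed by the session id and a site secret,
// so a token is only valid for one session and one form.
function model_get_token($form_id, $session_id, $site_key) {
  return hash_hmac('sha256', $form_id, $session_id . $site_key);
}

// Constant-time comparison of the presented token with the expected one.
function model_valid_token($token, $form_id, $session_id, $site_key) {
  return hash_equals(model_get_token($form_id, $session_id, $site_key), (string) $token);
}

// Mirrors the access callback: a saved record must exist for this user, the user must
// be allowed on the page the form came from, and the token must match.
function model_restore_access(array $records, array $path_access, $uid, $form_id, $timestamp, $token, $session_id, $site_key) {
  $key = "$form_id:$timestamp:$uid";
  if (!isset($records[$key]['path'])) {
    return FALSE; // No autosaved form for this user, form and timestamp.
  }
  $menu = !empty($path_access[$uid][$records[$key]['path']]);
  return $menu && model_valid_token($token, $form_id, $session_id, $site_key);
}

// Constructed sample data: users 5 and 7 both have a saved copy of the same form,
// but user 7 has no access to the page it was saved from.
$site_key = 'constructed-site-secret';
$form = 'article_node_form';
$records = array(
  "$form:1700000000:5" => array('path' => 'node/12/edit'),
  "$form:1700000000:7" => array('path' => 'node/12/edit'),
);
$path_access = array(5 => array('node/12/edit' => TRUE), 7 => array('node/12/edit' => FALSE));

// Each case: uid, presented token, session id of the request.
$cases = array(
  'owner, valid token' => array(5, model_get_token($form, 'session-A', $site_key), 'session-A'),
  'token from another session' => array(5, model_get_token($form, 'session-B', $site_key), 'session-A'),
  'token for another form' => array(5, model_get_token('user_login', 'session-A', $site_key), 'session-A'),
  'valid token, no page access' => array(7, model_get_token($form, 'session-C', $site_key), 'session-C'),
  'no saved record for user' => array(6, model_get_token($form, 'session-D', $site_key), 'session-D'),
);
foreach ($cases as $label => $c) {
  $ok = model_restore_access($records, $path_access, $c[0], $form, 1700000000, $c[1], $c[2], $site_key);
  printf("%-30s %s\n", $label, $ok ? 'allow' : 'deny');
}
```

Only the first case passes both checks. A valid token does not substitute for page access, and page access does not substitute for a valid token.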