function hosting_task_menu_access_csrf in Hosting 7.4
Same name and namespace in other branches
- 6.2 task/hosting_task.module \hosting_task_menu_access_csrf()
- 7.3 task/hosting_task.module \hosting_task_menu_access_csrf()
Access callback helper for hosting task menu items.
Implemented as a helper function since we only want to validate the CSRF token when the user accesses a certain path, not when (for example) building the list of tasks a user has access to.
@arg $node object the node object we're trying to access
@arg $task string the task type we're trying to do on the $node
See also
1 string reference to 'hosting_task_menu_access_csrf'
- hosting_task_menu in task/
hosting_task.module - Implements hook_menu().
File
- task/
hosting_task.module, line 380 - Web server node type is defined here.
Code
function hosting_task_menu_access_csrf($node, $task) {
global $user;
$interactive_tasks = array(
'migrate',
'clone',
);
// To prevent CSRF attacks, a unique token based upon user is used. Deny
// access if the token is missing or invalid. We only do this on
// non-interactive tasks.
if (!in_array($task, $interactive_tasks) && (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], $user->uid))) {
return FALSE;
}
// Call the main menu access handler.
return hosting_task_menu_access($node, $task);
}