Commit 56ac5ec8 authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #3038077 by dsnopek: [ubercart] Update for SA-CONTRIB-2019-032

parent 3b192f93
diff --git a/uc_taxes/uc_taxes.admin.inc b/uc_taxes/uc_taxes.admin.inc
index 474835dd..e08304a4 100644
--- a/uc_taxes/uc_taxes.admin.inc
+++ b/uc_taxes/uc_taxes.admin.inc
@@ -11,6 +11,8 @@
function uc_taxes_admin_settings() {
$rows = array();
+ $options = array('query' => array('token' => drupal_get_token('uc_taxes_clone')));
+
$header = array(t('Name'), t('Rate'), t('Taxed products'), t('Taxed product types'), t('Taxed line items'), t('Weight'), 'data' => t('Operations'));
// Loop through all the defined tax rates.
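Review bot: The token built at the top of uc_taxes_admin_settings() uses the fixed value 'uc_taxes_clone', so one token is valid for every rate's clone link for as long as the session lasts. Because it travels in the query string, it can end up in browser history, server logs or a Referer header, and a leaked link would then be accepted for any rate id. Binding it to the rate narrows that: `drupal_get_token('uc_taxes_clone_' . $rate_id)` built inside the loop, with the matching `drupal_valid_token($_GET['token'], 'uc_taxes_clone_' . $rate_id)` in the uc_taxes_clone() hunk. The function body continues outside this hunk.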
@@ -19,7 +21,7 @@ function uc_taxes_admin_settings() {
$ops = array(
l(t('edit'), 'admin/store/settings/taxes/'. $rate_id .'/edit'),
l(t('conditions'), CA_UI_PATH .'/uc_taxes_'. $rate_id .'/edit/conditions'),
- l(t('clone'), 'admin/store/settings/taxes/'. $rate_id .'/clone'),
+ l(t('clone'), 'admin/store/settings/taxes/' . $rate_id .'/clone', $options),
l(t('delete'), 'admin/store/settings/taxes/'. $rate_id .'/delete'),
);
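Review bot: Only the clone link in this `$ops` array receives `$options`; the edit, conditions and delete links are left as they were. Those paths presumably lead to forms that carry their own Form API token, but that is not visible in this hunk, so it is worth confirming that none of them changes state directly on a GET request. A short comment above the array, such as `// Clone acts immediately on GET, so its link carries a CSRF token; the other operations go through forms.`, would record why only one link is treated differently, if that is indeed the case.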
@@ -199,6 +201,10 @@ function uc_taxes_form_submit($form, &$form_state) {
* Clones a tax rate.
*/
function uc_taxes_clone($rate_id) {
+ if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'uc_taxes_clone')) {
+ return MENU_ACCESS_DENIED;
+ }
+
// Load the source rate object.
$rate = uc_taxes_rate_load($rate_id);
$name = $rate->name;
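Review bot: The docblock for uc_taxes_clone() still says only "Clones a tax rate." although the callback now rejects any request without a valid token. I would add `* Requires a valid 'uc_taxes_clone' token in the 'token' query parameter; returns MENU_ACCESS_DENIED when it is missing or invalid.` so callers building links to this path know a token is needed. The new guard also passes `$_GET['token']` to drupal_valid_token() without checking that it is a string; adding `is_string($_GET['token'])` to the condition keeps array-valued input out of the comparison. The rest of the function body lies outside this hunk.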