Commit f3710830 authored by Dries's avatar Dries

- Patch #190867 by chx: fixed access to creating path aliases.

parent caa214f1
......@@ -430,7 +430,7 @@ function menu_get_item($path = NULL, $router_item = NULL) {
/**
* Execute the page callback associated with the current path.
*
*
* @param $path
* The drupal path whose handler is to be be executed. If set to NULL, then
* the current path is used.
......@@ -3314,39 +3314,6 @@ function _menu_site_is_offline($check_only = FALSE) {
return FALSE;
}
/**
* Validates the path of a menu link being created or edited.
*
* @return
* TRUE if it is a valid path AND the current user has access permission,
* FALSE otherwise.
*/
function menu_valid_path($form_item) {
global $menu_admin;
$item = array();
$path = $form_item['link_path'];
// We indicate that a menu administrator is running the menu access check.
$menu_admin = TRUE;
if ($path == '<front>' || url_is_external($path)) {
$item = array('access' => TRUE);
}
elseif (preg_match('/\/\%/', $path)) {
// Path is dynamic (ie 'user/%'), so check directly against menu_router table.
if ($item = db_query("SELECT * FROM {menu_router} where path = :path", array(':path' => $path))->fetchAssoc()) {
$item['link_path'] = $form_item['link_path'];
$item['link_title'] = $form_item['link_title'];
$item['external'] = FALSE;
$item['options'] = '';
_menu_link_translate($item);
}
}
else {
$item = menu_get_item($path);
}
$menu_admin = FALSE;
return $item && $item['access'];
}
/**
* @} End of "defgroup menu".
*/
......@@ -547,3 +547,39 @@ function path_get_admin_paths() {
}
return $patterns;
}
/**
* Checks a path exists and the current user has access to it.
*
* @param $path
* The path to check.
* @param $dynamic_allowed
* Whether paths with menu wildcards (like user/%) should be allowed.
*
* @return
* TRUE if it is a valid path AND the current user has access permission,
* FALSE otherwise.
*/
function drupal_valid_path($path, $dynamic_allowed = FALSE) {
global $menu_admin;
// We indicate that a menu administrator is running the menu access check.
$menu_admin = TRUE;
if ($path == '<front>' || url_is_external($path)) {
$item = array('access' => TRUE);
}
elseif ($dynamic_allowed && preg_match('/\/\%/', $path)) {
// Path is dynamic (ie 'user/%'), so check directly against menu_router table.
if ($item = db_query("SELECT * FROM {menu_router} where path = :path", array(':path' => $path))->fetchAssoc()) {
$item['link_path'] = $form_item['link_path'];
$item['link_title'] = $form_item['link_title'];
$item['external'] = FALSE;
$item['options'] = '';
_menu_link_translate($item);
}
}
else {
$item = menu_get_item($path);
}
$menu_admin = FALSE;
return $item && $item['access'];
}
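Review bot: `$form_item` is not defined anywhere in drupal_valid_path(). The two assignments in the dynamic-path branch were carried over from menu_valid_path(), which received it as a parameter, so `link_path` and `link_title` are NULL when `_menu_link_translate($item)` runs. The access result for wildcard paths such as `user/%` is therefore computed on an item that lacks its path, which affects the menu_edit_item_validate() caller that passes `TRUE` for `$dynamic_allowed`. Use the parameter, `$item['link_path'] = $path;`, and take the title from the router row, e.g. `$item['link_title'] = $item['title'];` (this assumes the fetched menu_router row has a `title` key; confirm). Separately, `$menu_admin` is forced to `FALSE` on exit rather than restored to its previous value, so a nested call would clear the flag for an outer caller.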
......@@ -363,7 +363,7 @@ function menu_edit_item_validate($form, &$form_state) {
$item['link_path'] = $parsed_link['path'];
}
}
if (!trim($item['link_path']) || !menu_valid_path($item)) {
if (!trim($item['link_path']) || !drupal_valid_path($item['link_path'], TRUE)) {
form_set_error('link_path', t("The path '@link_path' is either invalid or you do not have access to it.", array('@link_path' => $item['link_path'])));
}
}
......
......@@ -163,8 +163,7 @@ function path_admin_form_validate($form, &$form_state) {
if ($has_alias) {
form_set_error('alias', t('The alias %alias is already in use in this language.', array('%alias' => $alias)));
}
$item = menu_get_item($source);
if (!$item || !$item['access']) {
if (!drupal_valid_path($source)) {
form_set_error('source', t("The path '@link_path' is either invalid or you do not have access to it.", array('@link_path' => $source)));
}
}
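Review bot: The alias source check now accepts two inputs that the replaced code presumably rejected. drupal_valid_path() returns TRUE for `<front>` and for anything `url_is_external()` accepts before the router is consulted, whereas the removed code looked the source up with `menu_get_item($source)`. An alias whose source is an external URL is probably not intended, so consider rejecting it here: `if (url_is_external($source) || !drupal_valid_path($source)) {`. The lookup also now runs with `$menu_admin` set to TRUE, which may change which router items report access; a one-line comment stating that this is intended would help. path_admin_form_validate() starts outside the hunk.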
......
......@@ -1483,8 +1483,7 @@ function system_site_information_settings_validate($form, &$form_state) {
// Get the normal path of the front page.
form_set_value($form['site_frontpage'], drupal_get_normal_path($form_state['values']['site_frontpage']), $form_state);
// Validate front page path.
$item = array('link_path' => $form_state['values']['site_frontpage']);
if (!menu_valid_path($item)) {
if (!drupal_valid_path($form_state['values']['site_frontpage'])) {
form_set_error('site_frontpage', t("The path '@path' is either invalid or you do not have access to it.", array('@path' => $item['link_path'])));
}
}
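Review bot: The error message still reads `$item['link_path']`, but the hunk counts indicate that the `$item = array('link_path' => ...)` assignment is removed together with the menu_valid_path() call. If so, `$item` is undefined when validation fails, and the message is rendered with an empty path and raises a notice. Build the placeholder from the form value instead: `array('@path' => $form_state['values']['site_frontpage'])`. The function starts outside the hunk.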
......