Commit 002769ef authored by Dries's avatar Dries

- Patch #1591604 by underq, chrisdolby, Albert Volkman, pfrenssen: replace...

- Patch #1591604 by underq, chrisdolby, Albert Volkman, pfrenssen: replace drupal_access_denied() with throw AccessDeniedHttpException.
parent 1ed9d794
......@@ -698,19 +698,6 @@ function drupal_site_offline() {
drupal_deliver_page(MENU_SITE_OFFLINE);
}
/**
* Delivers an "access denied" error to the browser.
*
* Page callback functions wanting to report an "access denied" message should
* return MENU_ACCESS_DENIED instead of calling drupal_access_denied(). However,
* functions that are invoked in contexts where that return value might not
* bubble up to menu_execute_active_handler() should call
* drupal_access_denied().
*/
function drupal_access_denied() {
throw new AccessDeniedHttpException();
}
/**
* Performs an HTTP request.
*
......
......@@ -1943,9 +1943,9 @@ function file_transfer($uri, $headers) {
* Call modules that implement hook_file_download() to find out if a file is
* accessible and what headers it should be transferred with. If one or more
* modules returned headers the download will start with the returned headers.
* If a module returns -1 drupal_access_denied() will be returned. If the file
* exists but no modules responded drupal_access_denied() will be returned.
* If the file does not exist a NotFoundHttpException will be thrown.
* If a module returns -1 an AccessDeniedHttpException will be thrown.
* If the file exists but no modules responded an AccessDeniedHttpException will
* be thrown.If the file does not exist a NotFoundHttpException will be thrown.
*
* @see hook_file_download()
* @see system_menu()
......
......@@ -5,6 +5,8 @@
* Admin page callbacks for the aggregator module.
*/
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
/**
* Page callback: Displays the aggregator administration page.
*
......@@ -411,7 +413,7 @@ function aggregator_admin_refresh_feed($feed) {
// generation. Add token support to routing: http://drupal.org/node/755584.
$token = request()->query->get('token');
if (!isset($token) || !drupal_valid_token($token, 'aggregator/update/' . $feed->fid)) {
drupal_access_denied();
throw new AccessDeniedHttpException();
}
aggregator_refresh($feed);
......
......@@ -6,6 +6,7 @@
*/
use Drupal\node\Node;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
......@@ -89,7 +90,7 @@ function book_export_html($nid) {
}
}
else {
drupal_access_denied();
throw new AccessDeniedHttpException();
}
}
......
......@@ -6,6 +6,7 @@
*/
use Drupal\node\Node;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
......@@ -117,7 +118,7 @@ function comment_approve($cid) {
// generation. Add token support to routing: http://drupal.org/node/755584.
$token = request()->query->get('token');
if (!isset($token) || !drupal_valid_token($token, "comment/$cid/approve")) {
drupal_access_denied();
throw new AccessDeniedHttpException();
}
if ($comment = comment_load($cid)) {
......
......@@ -5,6 +5,7 @@
* Page callbacks for the Contact module.
*/
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
......@@ -23,8 +24,7 @@ function contact_site_form($form, &$form_state) {
$window = variable_get('contact_threshold_window', 3600);
if (!flood_is_allowed('contact', $limit, $window) && !user_access('administer contact forms')) {
drupal_set_message(t("You cannot send more than %limit messages in @interval. Try again later.", array('%limit' => $limit, '@interval' => format_interval($window))), 'error');
drupal_access_denied();
drupal_exit();
throw new AccessDeniedHttpException();
}
// Get an array of the categories and the current default category.
......@@ -184,8 +184,7 @@ function contact_personal_form($form, &$form_state, $recipient) {
$window = variable_get('contact_threshold_window', 3600);
if (!flood_is_allowed('contact', $limit, $window) && !user_access('administer contact forms') && !user_access('administer users')) {
drupal_set_message(t("You cannot send more than %limit messages in @interval. Try again later.", array('%limit' => $limit, '@interval' => format_interval($window))), 'error');
drupal_access_denied();
drupal_exit();
throw new AccessDeniedHttpException();
}
drupal_set_title(t('Contact @username', array('@username' => user_format_name($recipient))), PASS_THROUGH);
......
......@@ -7,6 +7,7 @@
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\StreamedResponse;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Drupal\Core\File\File;
/**
......@@ -695,7 +696,7 @@ function image_style_deliver($style, $scheme) {
else {
$headers = module_invoke_all('file_download', $image_uri);
if (in_array(-1, $headers) || empty($headers)) {
return drupal_access_denied();
throw new AccessDeniedHttpException();
}
if (count($headers)) {
foreach ($headers as $name => $value) {
......
......@@ -5,6 +5,8 @@
* Administrative page callbacks for menu module.
*/
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
/**
* Menu callback which shows an overview page of all the custom menus and their descriptions.
*/
......@@ -506,8 +508,7 @@ function menu_delete_menu_page($menu) {
// System-defined menus may not be deleted.
$system_menus = menu_list_system_menus();
if (isset($system_menus[$menu['menu_name']])) {
drupal_access_denied();
return;
throw new AccessDeniedHttpException();
}
return drupal_get_form('menu_delete_menu_confirm', $menu);
}
......@@ -616,8 +617,7 @@ function menu_item_delete_page($item) {
// Links defined via hook_menu may not be deleted. Updated items are an
// exception, as they can be broken.
if ($item['module'] == 'system' && !$item['updated']) {
drupal_access_denied();
return;
throw new AccessDeniedHttpException();
}
return drupal_get_form('menu_item_delete_form', $item);
}
......
......@@ -6,6 +6,7 @@
*/
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
/**
* Implements hook_help().
......@@ -334,7 +335,7 @@ function overlay_user_dismiss_message() {
// generation. Add token support to routing: http://drupal.org/node/755584.
$token = request()->query->get('token');
if (!isset($token) || !drupal_valid_token($token, 'overlay')) {
drupal_access_denied();
throw new AccessDeniedHttpException();
}
$account = user_load($user->uid);
......
......@@ -5,6 +5,8 @@
* Administrative page callbacks for the shortcut module.
*/
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
/**
* Returns the maximum number of shortcut "slots" available per shortcut set.
*
......@@ -775,5 +777,5 @@ function shortcut_link_add_inline($shortcut_set) {
drupal_goto();
}
return drupal_access_denied();
throw new AccessDeniedHttpException();
}
......@@ -6,6 +6,7 @@
*/
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
/**
* Menu callback; Provide the administration overview page.
......@@ -280,7 +281,7 @@ function system_theme_enable() {
}
drupal_goto('admin/appearance');
}
return drupal_access_denied();
throw new AccessDeniedHttpException();
}
/**
......@@ -308,7 +309,7 @@ function system_theme_disable() {
}
drupal_goto('admin/appearance');
}
return drupal_access_denied();
throw new AccessDeniedHttpException();
}
/**
......@@ -355,7 +356,7 @@ function system_theme_default() {
}
drupal_goto('admin/appearance');
}
return drupal_access_denied();
throw new AccessDeniedHttpException();
}
/**
......@@ -2303,7 +2304,7 @@ function system_batch_page() {
$output = _batch_page();
if ($output === FALSE) {
drupal_access_denied();
throw new AccessDeniedHttpException();
}
elseif ($output instanceof Response) {
return $output;
......
......@@ -5,6 +5,8 @@
* User page callback file for the user module.
*/
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
/**
* Menu callback; Retrieve a JSON object containing autocomplete suggestions for existing users.
*/
......@@ -157,7 +159,7 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
else {
// Deny access, no more clues.
// Everything will be in the watchdog's URL for the administrator to check.
drupal_access_denied();
throw new AccessDeniedHttpException();
}
}
}
......@@ -480,7 +482,7 @@ function user_cancel_confirm($account, $timestamp = 0, $hashed_pass = '') {
drupal_goto("user/$account->uid/cancel");
}
}
drupal_access_denied();
throw new AccessDeniedHttpException();
}
/**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment