/[drupal]/contributions/modules/wishlist/wishlist.page.inc
ViewVC logotype

Diff of /contributions/modules/wishlist/wishlist.page.inc

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

revision 1.1.2.1, Sat Mar 1 06:11:16 2008 UTC revision 1.1.2.2, Thu Dec 18 05:26:26 2008 UTC
# Line 1  Line 1 
1  <?php  <?php
2  /* $Id: wishlist.page.inc,v 1.1 2007/11/25 03:34:04 smclewin Exp $ */  /* $Id: wishlist.page.inc,v 1.1.2.1 2008/03/01 06:11:16 smclewin Exp $ */
3  // Wishlist management module for Drupal  // Wishlist management module for Drupal
4  // Written by Scott McLewin and Melanie Paul-McLewin  // Written by Scott McLewin and Melanie Paul-McLewin
5  // drupal AT mclewin DOT com  // drupal AT mclewin DOT com
6    
7    
8    
9  /**  /**
10   * Menu callback function to handle the "wishlist" URL   * Menu callback function to handle the "wishlist" URL
11   *   *
# Line 221  function _wishlist_fill_list_table_array Line 223  function _wishlist_fill_list_table_array
223             } else {             } else {
224             $rowdata[] = array("data" =>             $rowdata[] = array("data" =>
225              (user_access('access wishlists') && $node->item_quantity_requested > $node->item_quantity_purchased) ?              (user_access('access wishlists') && $node->item_quantity_requested > $node->item_quantity_purchased) ?
226                 l(t('Get this gift'), "wishlist/item/$node->nid/purchase")                 l(t('Get this gift'), "wishlist/item/$node->nid/purchase", array('query' => array(WISHLIST_SEC_TOKEN_NAME => drupal_get_token(WISHLIST_SEC_TOKEN_VALUE))))
227                : (($node->item_quantity_purchased >= $node->item_quantity_requested) ? t("(none left to purchase)")                : (($node->item_quantity_purchased >= $node->item_quantity_requested) ? t("(none left to purchase)")
228                 : l(t("Login to get this gift"), "user/login")));                 : l(t("Login to get this gift"), "user/login")));
229             }             }
# Line 292  function _wishlist_get_default_showcolum Line 294  function _wishlist_get_default_showcolum
294   *   output for display (via theme('page', ...))   *   output for display (via theme('page', ...))
295   */   */
296  function _wishlist_item_action_handler($nid, $action, $wishlist_purch_id) {  function _wishlist_item_action_handler($nid, $action, $wishlist_purch_id) {
297    
298        // Verify that the action URL is being called from a page that was offered up to
299        // the current user.  The drupal_get_token()/drupal_valid_token() pair ensure
300        // a degree of security against cross site scripting vulnerabilities
301        if(!drupal_valid_token($_GET[WISHLIST_SEC_TOKEN_NAME], WISHLIST_SEC_TOKEN_VALUE, false)) {
302            return t('Failed to validate the action security token.  This may be due to 1) Allowing anonymous users to take action on wishlist items on your site (they cannot) 2) A cross site scripting attempt  3) An error in the wishlist module where an action URL was not given a security token.');
303            return;
304        }
305    
306    
307     if(!is_numeric($nid)) {     if(!is_numeric($nid)) {
308        watchdog('error', "Invalid node argument to wishlist_item_action_handler[".$nid."]");        watchdog('error', "Invalid node argument to wishlist_item_action_handler[".$nid."]");
309        return theme("page", "Invalid node argument to wishlist_item_action_handler[".$nid."]");        return "Invalid node argument to wishlist_item_action_handler[".$nid."]";
310     }     }
311    
312     switch($action) {     switch($action) {
Legend:
Removed from v.1.1.2.1  
changed lines
  Added in v.1.1.2.2
  ViewVC Help
Powered by ViewVC 1.1.2