1 filter.module | filter_dialog_access($format, $dialog_name, $account = NULL, $calling_path = NULL) |
Access callback: Generic dialog access check callback.
Ensures that a dialog is only opened from a safe calling page and via an AJAX request from the same site.
File
- core/
modules/ filter/ filter.module, line 203 - Framework for handling the filtering of content.
Code
function filter_dialog_access($format, $dialog_name, $account = NULL, $calling_path = NULL) {
if (!isset($account)) {
$account = $GLOBALS['user'];
}
if (!isset($calling_path) && isset($_GET['token'])) {
$calling_path = $_GET['calling_path'];
}
$format_access = filter_access($format, $account);
$tokens_match = FALSE;
if (isset($_GET['token'])) {
$tokens_match = ($_GET['token'] === filter_editor_dialog_token($format, $dialog_name, $account, $calling_path));
}
return $format_access && $tokens_match;
}