1 filter.module filter_dialog_access($format, $dialog_name, $account = NULL, $calling_path = NULL)

Access callback: Generic dialog access check callback.

Ensures that a dialog is only opened from a safe calling page and via an AJAX request from the same site.

File

core/modules/filter/filter.module, line 203
Framework for handling the filtering of content.

Code

function filter_dialog_access($format, $dialog_name, $account = NULL, $calling_path = NULL) {
  if (!isset($account)) {
    $account = $GLOBALS['user'];
  }
  if (!isset($calling_path) && isset($_GET['token'])) {
    $calling_path = $_GET['calling_path'];
  }

  $format_access = filter_access($format, $account);
  $tokens_match = FALSE;
  if (isset($_GET['token'])) {
    $tokens_match = ($_GET['token'] === filter_editor_dialog_token($format, $dialog_name, $account, $calling_path));
  }

  return $format_access && $tokens_match;
}