
Revision aea2f0ea

Added by Andreas Kohlbecker over 3 years ago

ref #9220 registration page using query param 'identifier' to protect against CVE-2007-0450 vulnerability


modules/cdm_dataportal/cdm_dataportal.module
2149 2149
/**
2150 2150
 * Returns a registration page as a Drupal node to be rendered by Drupal.
2151 2151
 *
2152
 * @param string  $registration_identifier_encoded
2152
 * @param string  $registration_identifie
2153 2153
 *   The persistent identifier of the registration urlencoded.
2154 2154
 * @return mixed
2155 2155
 *   The formatted registration page as node.
2156 2156
 */
2157
function cdm_dataportal_registration_page_view($registration_identifier_encoded) {
2157
function cdm_dataportal_registration_page_view() {
2158 2158

  
2159
  cdm_check_valid_portal_page("/\/cdm_dataportal\/registration\/.*$/");
2160
  $registration_page = cdm_dataportal_registration_view($registration_identifier_encoded);
2159
  cdm_check_valid_portal_page("/\/cdm_dataportal\/registration/");
2160
  $registration_identifier = $_REQUEST['identifier'];
2161
  $registration_page = cdm_dataportal_registration_view($registration_identifier);
2161 2162
  return cdm_node_show_simulate($registration_page);
2162 2163
}
2163 2164

  
2164 2165
/**
2165
 * @param $registration_identifier_encoded
2166
 * @param $registration_identifier
2166 2167
 * @return array
2167 2168
 *   The drupal render array for the registration view.
2168 2169
 */
2169
function cdm_dataportal_registration_view($registration_identifier_encoded) {
2170

  
2171
  $registration_identifier = urldecode($registration_identifier_encoded); // FIXME remove
2170
function cdm_dataportal_registration_view($registration_identifier) {
2172 2171

  
2173 2172
  RenderHints::pushToRenderStack('registration_page');
2174 2173
  RenderHints::setFootnoteListKey('registration_page');
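Review bot: `$registration_identifier = $_REQUEST['identifier'];` in cdm_dataportal_registration_page_view() takes the value straight from the request with no check that it is present or that it is a string, so a request without `identifier` raises an undefined-index notice and `identifier[]=…` hands an array to cdm_dataportal_registration_view(). `$_REQUEST` can also be filled from POST data or cookies depending on `request_order`; since the commit message speaks of a query parameter, reading `$_GET` with a guard would be tighter, e.g. `$registration_identifier = isset($_GET['identifier']) && is_string($_GET['identifier']) ? $_GET['identifier'] : NULL;`, with a not-found response when the result is NULL. The docblock above still lists a `@param` (shown truncated as `$registration_identifie`) for a function that no longer takes arguments; it should instead state that the identifier is read from the `identifier` query parameter. The body of cdm_dataportal_registration_view() continues past the end of this section, so how the identifier is used downstream is not visible here.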
