Security update for Core, with self-updated composer

[yaffs-website] / web / core / modules / book / src / BookManager.php

diff --git a/web/core/modules/book/src/BookManager.php b/web/core/modules/book/src/BookManager.php
index 3e14c400767e267b50712d11e77b4361889445ef..3db359b2c5cc12a15d71ee8f20bbb2ef5d31b3df 100644 (file)
--- a/web/core/modules/book/src/BookManager.php
+++ b/web/core/modules/book/src/BookManager.php
@@ -275,6 +275,20 @@ class BookManager implements BookManagerInterface {
       // handle it here if it did not.
       $node->book['pid'] = $node->book['bid'];
     }
+
+    // Prevent changes to the book outline if the node being saved is not the
+    // default revision.
+    $updated = FALSE;
+    if (!$new) {
+      $original = $this->loadBookLink($node->id(), FALSE);
+      if ($node->book['bid'] != $original['bid'] || $node->book['pid'] != $original['pid'] || $node->book['weight'] != $original['weight']) {
+        $updated = TRUE;
+      }
+    }
+    if (($new || $updated) && !$node->isDefaultRevision()) {
+      return FALSE;
+    }
+
     return $this->saveBookLink($node->book, $new);
   }