update Drupal 7.19

Signed-off-by: bachy <git@g-u-i.net>

modules/book/book.info

@@ -7,8 +7,8 @@ files[] = book.test
 configure = admin/content/book/settings
 stylesheets[all][] = book.css
 
-; Information added by drupal.org packaging script on 2012-11-07
-version = "7.17"
+; Information added by drupal.org packaging script on 2013-01-16
+version = "7.19"
 project = "drupal"
-datestamp = "1352325357"
+datestamp = "1358374870"
 

modules/book/book.pages.inc

@@ -38,6 +38,15 @@ function book_render() {
  *   format determined by the $type parameter.
  */
 function book_export($type, $nid) {
+  // Check that the node exists and that the current user has access to it.
+  $node = node_load($nid);
+  if (!$node) {
+    return MENU_NOT_FOUND;
+  }
+  if (!node_access('view', $node)) {
+    return MENU_ACCESS_DENIED;
+  }
+
   $type = drupal_strtolower($type);
 
   $export_function = 'book_export_' . $type;

modules/book/book.test

@@ -258,6 +258,13 @@ class BookTestCase extends DrupalWebTestCase {
     // Try getting the URL directly, and verify it fails.
     $this->drupalGet('book/export/html/' . $this->book->nid);
     $this->assertResponse('403', t('Anonymous user properly forbidden.'));
+
+    // Now grant anonymous users permission to view the printer-friendly
+    // version and verify that node access restrictions still prevent them from
+    // seeing it.
+    user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access printer-friendly version'));
+    $this->drupalGet('book/export/html/' . $this->book->nid);
+    $this->assertResponse('403', 'Anonymous user properly forbidden from seeing the printer-friendly version when denied by node access.');
   }
 
   /**