require access token to view, query, or join directories in private realms, if the realm is so configured.

1 files changed, 9 insertions, 1 deletions

diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 5a0a7cee8..12abfafb8 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -13,7 +13,6 @@ function dirsearch_content(&$a) {
 	$ret = array('success' => false);
 
 
-
 	$dirmode = intval(get_config('system','directory_mode'));
 
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -21,6 +20,15 @@ function dirsearch_content(&$a) {
 		json_return_and_die($ret);
 	}
 
+	$access_token = $_REQUEST['t'];
+
+	$token = get_config('system','realm_token');
+	if($token && $access_token != $token) {
+		$result['message'] = t('This directory server requires an access token');
+		return;
+	}
+
+
 	if(argc() > 1 && argv(1) === 'sites') {
 		$ret = list_public_sites();
 		json_return_and_die($ret);