gistfile1.txt

From 9eb964fec6dde4eb0ed19a94e99f2cf1947a183c Mon Sep 17 00:00:00 2001
From: Sean Dietrich <sean.dietrich@inresonance.com>
Date: Thu, 3 Mar 2016 17:36:35 -0800
Subject: [PATCH] Issue with Plupload on pantheon. Converted tokens to
 session_id https://www.drupal.org/node/2135195

---
 .../modules/contrib/node_gallery/node_gallery_api.pages.inc        | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/node_gallery_api.pages.inc b/node_gallery_api.pages.inc
index 3f8cb27..e8690673 100644
--- a/node_gallery_api.pages.inc
+++ b/node_gallery_api.pages.inc
@@ -729,7 +729,7 @@ function node_gallery_api_plupload_form($form, $form_state, $relationship_type,
     ),
     '#plupload_settings' => array(
       'max_file_size' => $file_max_size,
-      'url' => url('node-gallery/json/item/create/' . $relationship_type->id . '/' . $ngid . '/' . $item_type . '/' . drupal_get_token('node_gallery_api_item_create')),
+      'url' => url('node-gallery/json/item/create/' . $relationship_type->id . '/' . $ngid . '/' . $item_type . '/' . session_id()),
     ),
   );
 
@@ -789,10 +789,13 @@ function node_gallery_api_create_item_from_file($uri, $original_filename, $relat
  * Create item from JSON. For Plupload integration.
  */
 function node_gallery_api_json_create_item($relationship_type_id, $ngid, $item_type, $token) {
-  if (!drupal_valid_token($token, 'node_gallery_api_item_create')) {
+  global $user;
+  $user_obj = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid", array(':sid' => $token))->fetchObject();
+  if($user === FALSE){
     drupal_access_denied();
     return;
   }
+  $user = user_load($user_obj->uid);
 
   // The following code comes almost entirely from plupload_handle_uploads.
   // @todo: Implement file_validate_size();
-- 
2.8.1