$act = optional_param('act','',PARAM_ALPHA);
// detemine where the user is coming from in case we need to send them back there
-if (isset($_SERVER['HTTP_REFERER'])) {
- $referrer = $_SERVER['HTTP_REFERER'];
-} else {
- $referrer = $CFG->wwwroot;
+if (!$referrer = optional_param('referrer','', PARAM_URL)) {
+ if (isset($_SERVER['HTTP_REFERER'])) {
+ $referrer = $_SERVER['HTTP_REFERER'];
+ } else {
+ $referrer = $CFG->wwwroot;
+ }
}
//first verify that user is not a guest
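Review bot: The new `referrer` request parameter is read with `PARAM_URL`, which checks that the value is a well-formed URL but not that it points at this site, and the later hunks pass it unchanged to `redirect($referrer)` in do_save and do_update. The `HTTP_REFERER` fallback is client-supplied too, so after a save the user can be sent to an address outside the site (an open redirect). Restrict the value to local addresses, for example `optional_param('referrer', '', PARAM_LOCALURL)` if the Moodle version in use provides that type, or reset `$referrer` to `$CFG->wwwroot` whenever it does not start with `$CFG->wwwroot`. The assignment inside the condition, `if (!$referrer = optional_param(...))`, would also read more clearly as a separate assignment followed by an `empty()` test.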
* also takes the postid - the id of the entry to be removed
*/
function do_delete($postid) {
- global $CFG, $USER;
+ global $CFG, $USER, $referrer;
// make sure this user is authorized to delete this entry.
// cannot use $post->pid because it may not have been initialized yet. Also the pid may be in get format rather than post.
// check ownership
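Review bot: `$referrer` is added to the `global` list of do_delete, but the only redirect shown for this function (in the following hunk) still goes to `/blog/index.php?userid=...`, so the global looks unused here. Either keep the original `global $CFG, $USER;` or use `$referrer` for the post-delete redirect once it has been validated as a local URL. do_delete's body continues outside this hunk, so confirm nothing further down reads it before removing it.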
}
//comment out this redirect to debug the deletion of entries
+
redirect($CFG->wwwroot .'/blog/index.php?userid='. $post->userid);
}
* @param object $bloginfo_arg argument is reference to a blogInfo object.
*/
function do_save($post) {
- global $USER, $CFG;
+ global $USER, $CFG, $referrer;
// echo 'Debug: Post object in do_save function of edit.php<br />'; //debug
// print_object($post); //debug
if ($site = get_site()) {
add_to_log($site->id, 'blog', 'add', 'archive.php?userid='. $bloginfo_arg->userid .'&postid='. $entryID, 'created new blog entry with entry id# '. $entryID);
}
+
+ redirect($referrer);
+ /*
//to debug this save function comment out the following redirect code
if ($courseid == SITEID || $courseid == 0 || $courseid == '') {
redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
} else {
redirect($CFG->wwwroot .'/course/view.php?id='. $courseid);
- }
+ }*/
}
}
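Review bot: The previous course-aware redirect is left behind as a `/* ... }*/` block after `redirect($referrer);`, so it is dead code. The old hint "to debug this save function comment out the following redirect code" now sits inside that comment, where it no longer tells a maintainer which call to disable. Delete the block instead of commenting it out, and put a short comment on the live call such as `// send the user back to the page they came from ($referrer is set at the top of this script)`. The do_update hunk further down repeats the same pattern, and both functions now depend on a script-level global; passing the target in as an argument would make that dependency explicit. do_save starts outside this hunk.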
*/
function do_update($post) {
// here post = data_submitted();
- global $CFG, $USER;
+ global $CFG, $USER, $referrer;
$blogEntry = get_record('post','id',$post->postid);
// echo "id id ".$post->postid;
// print_object($blogentry); //debug
if ($site = get_site()) {
add_to_log($site->id, 'blog', 'update', 'archive.php?userid='. $bloginfo->userid .'&postid='. $post->postid, 'updated existing blog entry with entry id# '. $post->postid);
}
-
- redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
+
+ redirect($referrer);
+ //to debug this save function comment out the following redirect code
+/*
+ if ($courseid == SITEID || $courseid == 0 || $courseid == '') {
+ redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
+ } else {
+ redirect($CFG->wwwroot .'/course/view.php?id='. $courseid);
+ }*/
} else {
// get_string('', 'blog') //Daryl Hawes note: localize this line
$post->error = 'There was an error updating this post in the database: '. $error;
$template['author'] = fullname(get_record('user','id',$blogEntry->userid));
$template['lastmod'] = userdate($blogEntry->lastmodified);
$template['created'] = userdate($blogEntry->created);
- $template['publishtomenu'] = get_publish_to_menu($blogEntry, true, true);
- //forum style printing of blogs
+
+ /// preventing user to browse blogs that they aren't supposed to see
+ if (!blog_user_can_view_user_post($template['userid'])) {
+ error ('you can not view this post');
+ }
blog_print_entry_content ($template, $blogEntry->id, $filtertype, $filterselect, $mode);
}
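Review bot: The added visibility check calls `error()` from inside the entry-printing code, after the author name and dates have already been loaded into `$template`. If this function is called once per entry while listing several posts (the caller is not visible here), the first entry the viewer may not see would abort the whole page instead of being skipped. Consider running `blog_user_can_view_user_post()` before any post data is gathered and, in list context, returning without output. The message `'you can not view this post'` is hard-coded English and should go through `get_string()` like the other blog strings. The enclosing function starts outside this hunk.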
echo '<div class="commands">';
if (isset($USER->id)) {
- if (($template['userid'] == $USER->id) or isteacher($course->id)) {
+ if (($template['userid'] == $USER->id) or isadmin()) {
echo '<a href="'.$CFG->wwwroot.'/blog/edit.php?editid='.$entryid.'&sesskey='.sesskey().'">'.$stredit.'</a>';
}
- if (($template['userid'] == $USER->id) or isteacher($course->id)) {
+ if (($template['userid'] == $USER->id) or isadmin()) {
echo '| <a href="'.$CFG->wwwroot.'/blog/edit.php?act=del&editid='.$entryid.'&sesskey='.sesskey().'">'.$strdelete.'</a>';
}
}
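Review bot: Replacing `isteacher($course->id)` with `isadmin()` here only changes who is shown the edit and delete links; it is not an access check. edit.php has to apply the same owner-or-admin rule on the server when `editid` or `act=del` arrives. The comments in do_delete suggest it does, but that code is not visible in this hunk. The two consecutive `if` statements now test the same condition and could share one value, e.g. `$canmanage = ($template['userid'] == $USER->id) || isadmin();` (with `||`, since `or` binds more loosely than `=`). `$entryid` is concatenated into both `href` values as is, so it is worth confirming upstream that it is an integer.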