From 14148bc2db55740eefa69652a1ec8761c05b0142 Mon Sep 17 00:00:00 2001
From: toyomoyo
Date: Mon, 1 May 2006 06:23:41 +0000
Subject: [PATCH] fixing blog logs, also added code to prevent browsing blogs using other user's userid
---
 blog/edit.php | 4 ++--
 blog/index.php | 8 ++++----
 blog/lib.php | 19 ++++++++++++-------
 3 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/blog/edit.php b/blog/edit.php
index 751d54fb41..01bc0c41ce 100755
--- a/blog/edit.php
+++ b/blog/edit.php
@@ -251,7 +251,7 @@ function do_save($post) {
 }
 //record a log message of this entry addition
 if ($site = get_site()) {
- add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, 'created new blog entry with entry id# '. $entryID);
+ add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, $blogEntry->subject);
 }
 redirect($referrer);
@@ -315,7 +315,7 @@ function do_update($post) {
 //record a log message of this entry update action
 if ($site = get_site()) {
- add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, 'updated existing blog entry with entry id# '. $post->postid);
+ add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, $blogEntry->subject);
 }
 redirect($referrer);
diff --git a/blog/index.php b/blog/index.php
index 7897f00a16..9a57c4f18f 100755
--- a/blog/index.php
+++ b/blog/index.php
@@ -87,14 +87,14 @@ if ($filtertype) {
 switch ($filtertype) {
 case 'site':
- if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
+ if ($CFG->bloglevel < BLOG_SITE_LEVEL && (!isadmin())) {
 error ('site blogs is not enabled');
 } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
 require_login();
 }
 break;
 case 'course':
- if ($CFG->bloglevel < BLOG_COURSE_LEVEL) {
+ if ($CFG->bloglevel < BLOG_COURSE_LEVEL && (!isadmin())) {
 error ('course blogs is not enabled');
 }
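Review bot: The fifth argument of `add_to_log()` in `do_save()` now carries `$blogEntry->subject`, which is text typed by the blog author, where the old call passed a fixed phrase plus an id; the `do_update()` hunk makes the same change. Neither `add_to_log()` nor the page that displays log rows is part of this diff, so it should be confirmed that the value is escaped for the database on insert, HTML-encoded when the log is viewed, and cut to the width of the log column. A comment above both calls, `// subject is user input: add_to_log() must escape it and the log report must encode it on output`, would keep that dependency visible. Both function bodies start and end outside their hunks.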
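Review bot: The added `&& (!isadmin())` in the 'site' and 'course' checks, and again in the 'group' and 'user' checks of the two following index.php hunks, runs before any `require_login()` visible on these paths, so it is only safe if `isadmin()` returns false for a visitor without a session; that helper is not defined in this diff and should be checked. The exemption also lets administrators browse blog levels that the site has switched off, which the commit subject does not mention, so a comment such as `// admins may browse blogs even when this level is disabled` above the first check would record the intent. The four conditions are identical apart from the constant, and the inner parentheses around `!isadmin()` are not needed. The switch statement starts and ends outside these hunks.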
@@ -104,7 +104,7 @@ switch ($filtertype) {
 /// check if viewer is student
 break;
 case 'group':
- if ($CFG->bloglevel < BLOG_GROUP_LEVEL) {
+ if ($CFG->bloglevel < BLOG_GROUP_LEVEL && (!isadmin())) {
 error ('group blogs is not enabled');
 }
 if (!isteacheredit($course) and (groupmode($course) == SEPARATEGROUPS)) {
@@ -115,7 +115,7 @@ switch ($filtertype) {
 /// check if user is editting teacher, or if spg, is member
 break;
 case 'user':
- if ($CFG->bloglevel < BLOG_USER_LEVEL) {
+ if ($CFG->bloglevel < BLOG_USER_LEVEL && (!isadmin())) {
 error ('Blogs is not enabled');
 }
diff --git a/blog/lib.php b/blog/lib.php
index b62c289273..f13f3e4f84 100755
--- a/blog/lib.php
+++ b/blog/lib.php
@@ -370,14 +370,19 @@ if ($post = get_record('post', 'id', $postid)) {
- if ($user = get_record('user', 'id', $post->userid)) {
- $post->email = $user->email;
- $post->firstname = $user->firstname;
- $post->lastname = $user->lastname;
- }
- $retarray[] = $post;
- return $retarray;
+ if (blog_user_can_view_user_post($post->userid)) {
+ if ($user = get_record('user', 'id', $post->userid)) {
+ $post->email = $user->email;
+ $post->firstname = $user->firstname;
+ $post->lastname = $user->lastname;
+ }
+ $retarray[] = $post;
+ return $retarray;
+ } else {
+ return null;
+ }
+ } else { // bad postid
 return null;
 }
-- 
2.39.5
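Review bot: The new ownership check in blog/lib.php could be an early return, `if (!blog_user_can_view_user_post($post->userid)) { return null; }`, placed directly after the `get_record('post', ...)` test, which would leave the existing user-lookup lines as they were instead of re-indenting them inside a new if/else. The check is keyed on `$post->userid` taken from the stored record rather than on a value from the request, which is the right source for it. This hunk guards only the single-`$postid` path, though, and the enclosing function starts and ends outside the hunk, so any other query path in it should be confirmed to apply the same check. `blog_user_can_view_user_post()` is not defined in this diff, so its result for a viewer who is not logged in is assumed here rather than verified.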