From 1a3f39f1c6ae8e0a68175b78e486ff7e6349737e Mon Sep 17 00:00:00 2001
From: toyomoyo <toyomoyo>
Date: Tue, 14 Mar 2006 06:56:58 +0000
Subject: [PATCH] added sesskey and confirmation for deletion of blog entries

---
 blog/edit.php | 23 ++++++++++++++++++-----
 blog/lib.php  |  6 +++---
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/blog/edit.php b/blog/edit.php
index 81b33c88e3..d0abb380fd 100755
--- a/blog/edit.php
+++ b/blog/edit.php
@@ -56,13 +56,27 @@ if ( !blog_user_has_rights($PAGE->bloginfo) ) {
 
 if (isset($act) && $act == 'del' && confirm_sesskey())
 {
-    if (optional_param($confirm,0,PARAM_INT)) {
-        require_variable($postid);
+    $postid = required_param('postid', PARAM_INT);
+    if (optional_param('confirm',0,PARAM_INT)) {
         do_delete($PAGE->bloginfo, $postid);
     } else {
     /// prints blog entry and what confirmation form
-
-
+        echo '<div align="center"><form method="GET" action="edit.php">';
+        echo '<input type="hidden" name="act" value="del" />';
+        echo '<input type="hidden" name="confirm" value="1" />';
+        echo '<input type="hidden" name="postid" value="'.$postid.'" />';
+        echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
+        print_string('blogdeleteconfirm', 'blog');
+        
+        $post = get_record('post', 'id', $postid);
+        $entry = new BlogEntry($post);
+        blog_print_entry($entry);
+        echo '<br />';
+        echo '<input type="submit" value="'.get_string('delete').'" /> ';
+        echo ' <input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
+        echo '</form></div>';
+        print_footer($course);
+        die;
     }
 }
 if ($usehtmleditor = can_use_richtext_editor()) {
@@ -109,7 +123,6 @@ if (($post = data_submitted( get_referer() )) && confirm_sesskey()) {
     $post->categoryid = array(1);
     $post->publishstate = 'draft';
     $post->courseid  = $courseid;
-    
 
 }
 
diff --git a/blog/lib.php b/blog/lib.php
index 872c24d6ee..efa93c804d 100755
--- a/blog/lib.php
+++ b/blog/lib.php
@@ -753,7 +753,7 @@ function blog_get_moodle_pix_path(){
  *     in its complete form (eg. archive page). If anything other than 'full'
  *     display the entry in its abbreviated format (eg. index page)
  */
-function blog_print_entry(&$blogEntry, $viewtype='full', $filtertype, $filterselect) {
+function blog_print_entry(&$blogEntry, $viewtype='full', $filtertype='', $filterselect='') {
     global $CFG, $THEME, $USER;
     static $bloginfoarray;
 
@@ -847,11 +847,11 @@ function blog_print_entry_content ($template, $entryid, $filtertype='', $filters
 
     if (isset($USER->id)) {
         if (($template['userid'] == $USER->id) or isteacher($course->id)) {
-                echo '<a href="'.$CFG->wwwroot.'/blog/edit.php?editid='.$entryid.'&amplsesskey='.sesskey().'">'.$stredit.'</a>';
+                echo '<a href="'.$CFG->wwwroot.'/blog/edit.php?editid='.$entryid.'&amp;sesskey='.sesskey().'">'.$stredit.'</a>';
         }
 
         if (($template['userid'] == $USER->id) or isteacher($course->id)) {
-            echo '| <a href="'.$CFG->wwwroot.'/blog/edit.php?act=del&amp;postid='.$entryid.'&amplsesskey='.sesskey().'">'.$strdelete.'</a>';
+            echo '| <a href="'.$CFG->wwwroot.'/blog/edit.php?act=del&amp;postid='.$entryid.'&amp;sesskey='.sesskey().'">'.$strdelete.'</a>';
         }
     }
 
-- 
2.39.5