aboutsummaryrefslogtreecommitdiff
path: root/mod/blog/start.php
diff options
context:
space:
mode:
authorcash <cash.costello@gmail.com>2013-07-05 20:10:12 -0400
committercash <cash.costello@gmail.com>2013-07-05 20:10:12 -0400
commita873fa6429460ccebbfdb5b7d17f124c80a6ee5c (patch)
tree539fb4a8de4c892ba0eec16f2bb5b58280e86790 /mod/blog/start.php
parent175c65bec4a46ee7ffa424555870b383e77bd3bf (diff)
downloadelgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.gz
elgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.bz2
Fixes #5745 serve 404 pages when someone requests content of a user that does not exist
Diffstat (limited to 'mod/blog/start.php')
-rw-r--r--mod/blog/start.php13
1 files changed, 13 insertions, 0 deletions
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 25cd81935..91525acee 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -113,14 +113,23 @@ function blog_page_handler($page) {
switch ($page_type) {
case 'owner':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_list($user->guid);
break;
case 'friends':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_friends($user->guid);
break;
case 'archive':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_archive($user->guid, $page[2], $page[3]);
break;
case 'view':
@@ -139,6 +148,10 @@ function blog_page_handler($page) {
$params = blog_get_page_content_edit($page_type, $page[1], $page[2]);
break;
case 'group':
+ $group = get_entity($page[1]);
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
+ }
if ($page[2] == 'all') {
$params = blog_get_page_content_list($page[1]);
} else {