diff options
| author | cash <cash.costello@gmail.com> | 2013-07-05 20:10:12 -0400 |
|---|---|---|
| committer | cash <cash.costello@gmail.com> | 2013-07-05 20:10:12 -0400 |
| commit | a873fa6429460ccebbfdb5b7d17f124c80a6ee5c (patch) | |
| tree | 539fb4a8de4c892ba0eec16f2bb5b58280e86790 /mod/blog/start.php | |
| parent | 175c65bec4a46ee7ffa424555870b383e77bd3bf (diff) | |
| download | elgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.gz elgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.bz2 | |
Fixes #5745 serve 404 pages when someone requests content of a user that does not exist
Diffstat (limited to 'mod/blog/start.php')
| -rw-r--r-- | mod/blog/start.php | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/mod/blog/start.php b/mod/blog/start.php index 25cd81935..91525acee 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php @@ -113,14 +113,23 @@ function blog_page_handler($page) { switch ($page_type) { case 'owner': $user = get_user_by_username($page[1]); + if (!$user) { + forward('', '404'); + } $params = blog_get_page_content_list($user->guid); break; case 'friends': $user = get_user_by_username($page[1]); + if (!$user) { + forward('', '404'); + } $params = blog_get_page_content_friends($user->guid); break; case 'archive': $user = get_user_by_username($page[1]); + if (!$user) { + forward('', '404'); + } $params = blog_get_page_content_archive($user->guid, $page[2], $page[3]); break; case 'view': @@ -139,6 +148,10 @@ function blog_page_handler($page) { $params = blog_get_page_content_edit($page_type, $page[1], $page[2]); break; case 'group': + $group = get_entity($page[1]); + if (!elgg_instanceof($group, 'group')) { + forward('', '404'); + } if ($page[2] == 'all') { $params = blog_get_page_content_list($page[1]); } else { |