aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
authorcash <cash.costello@gmail.com>2013-07-05 20:10:12 -0400
committercash <cash.costello@gmail.com>2013-07-05 20:10:12 -0400
commita873fa6429460ccebbfdb5b7d17f124c80a6ee5c (patch)
tree539fb4a8de4c892ba0eec16f2bb5b58280e86790 /mod
parent175c65bec4a46ee7ffa424555870b383e77bd3bf (diff)
downloadelgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.gz
elgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.bz2
Fixes #5745 serve 404 pages when someone requests content of a user that does not exist
Diffstat (limited to 'mod')
-rw-r--r--mod/blog/start.php13
-rw-r--r--mod/bookmarks/pages/bookmarks/friends.php2
-rw-r--r--mod/bookmarks/pages/bookmarks/owner.php2
-rw-r--r--mod/file/pages/file/friends.php2
-rw-r--r--mod/file/pages/file/owner.php2
-rw-r--r--mod/groups/lib/discussion.php5
-rw-r--r--mod/groups/lib/groups.php4
-rw-r--r--mod/groups/start.php4
-rw-r--r--mod/pages/pages/pages/friends.php2
-rw-r--r--mod/pages/pages/pages/owner.php2
-rw-r--r--mod/thewire/pages/thewire/friends.php2
-rw-r--r--mod/thewire/pages/thewire/owner.php2
12 files changed, 29 insertions, 13 deletions
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 25cd81935..91525acee 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -113,14 +113,23 @@ function blog_page_handler($page) {
switch ($page_type) {
case 'owner':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_list($user->guid);
break;
case 'friends':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_friends($user->guid);
break;
case 'archive':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_archive($user->guid, $page[2], $page[3]);
break;
case 'view':
@@ -139,6 +148,10 @@ function blog_page_handler($page) {
$params = blog_get_page_content_edit($page_type, $page[1], $page[2]);
break;
case 'group':
+ $group = get_entity($page[1]);
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
+ }
if ($page[2] == 'all') {
$params = blog_get_page_content_list($page[1]);
} else {
diff --git a/mod/bookmarks/pages/bookmarks/friends.php b/mod/bookmarks/pages/bookmarks/friends.php
index 15b1da098..173996346 100644
--- a/mod/bookmarks/pages/bookmarks/friends.php
+++ b/mod/bookmarks/pages/bookmarks/friends.php
@@ -7,7 +7,7 @@
$page_owner = elgg_get_page_owner_entity();
if (!$page_owner) {
- forward('bookmarks/all');
+ forward('', '404');
}
elgg_push_breadcrumb($page_owner->name, "bookmarks/owner/$page_owner->username");
diff --git a/mod/bookmarks/pages/bookmarks/owner.php b/mod/bookmarks/pages/bookmarks/owner.php
index b99730fb9..b7b907916 100644
--- a/mod/bookmarks/pages/bookmarks/owner.php
+++ b/mod/bookmarks/pages/bookmarks/owner.php
@@ -7,7 +7,7 @@
$page_owner = elgg_get_page_owner_entity();
if (!$page_owner) {
- forward('bookmarks/all');
+ forward('', '404');
}
elgg_push_breadcrumb($page_owner->name);
diff --git a/mod/file/pages/file/friends.php b/mod/file/pages/file/friends.php
index f504bdc1f..d55c1e62b 100644
--- a/mod/file/pages/file/friends.php
+++ b/mod/file/pages/file/friends.php
@@ -7,7 +7,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('file/all');
+ forward('', '404');
}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
diff --git a/mod/file/pages/file/owner.php b/mod/file/pages/file/owner.php
index 5ad6866d6..99cf62714 100644
--- a/mod/file/pages/file/owner.php
+++ b/mod/file/pages/file/owner.php
@@ -10,7 +10,7 @@ group_gatekeeper();
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('file/all');
+ forward('', '404');
}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php
index ab2fe4849..874e21b2d 100644
--- a/mod/groups/lib/discussion.php
+++ b/mod/groups/lib/discussion.php
@@ -39,9 +39,8 @@ function discussion_handle_list_page($guid) {
elgg_set_page_owner_guid($guid);
$group = get_entity($guid);
- if (!$group) {
- register_error(elgg_echo('group:notfound'));
- forward();
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
}
elgg_push_breadcrumb($group->name);
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index 0557d41eb..e5b047eba 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -255,8 +255,8 @@ function groups_handle_profile_page($guid) {
elgg_push_context('group_profile');
$group = get_entity($guid);
- if (!$group) {
- forward('groups/all');
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
}
elgg_push_breadcrumb($group->name);
diff --git a/mod/groups/start.php b/mod/groups/start.php
index 46ab0e636..6002a535c 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -142,6 +142,10 @@ function groups_setup_sidebar_menus() {
$page_owner = elgg_get_page_owner_entity();
if (elgg_in_context('group_profile')) {
+ if (!elgg_instanceof($page_owner, 'group')) {
+ forward('', '404');
+ }
+
if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) {
$url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}";
diff --git a/mod/pages/pages/pages/friends.php b/mod/pages/pages/pages/friends.php
index 87ac631c2..cecc4053b 100644
--- a/mod/pages/pages/pages/friends.php
+++ b/mod/pages/pages/pages/friends.php
@@ -7,7 +7,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('pages/all');
+ forward('', '404');
}
elgg_push_breadcrumb($owner->name, "pages/owner/$owner->username");
diff --git a/mod/pages/pages/pages/owner.php b/mod/pages/pages/pages/owner.php
index 48199368c..7de74a3b4 100644
--- a/mod/pages/pages/pages/owner.php
+++ b/mod/pages/pages/pages/owner.php
@@ -7,7 +7,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('pages/all');
+ forward('', '404');
}
// access check for closed groups
diff --git a/mod/thewire/pages/thewire/friends.php b/mod/thewire/pages/thewire/friends.php
index e7f5eed59..efa7e7a56 100644
--- a/mod/thewire/pages/thewire/friends.php
+++ b/mod/thewire/pages/thewire/friends.php
@@ -5,7 +5,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('thewire/all');
+ forward('', '404');
}
$title = elgg_echo('thewire:friends');
diff --git a/mod/thewire/pages/thewire/owner.php b/mod/thewire/pages/thewire/owner.php
index d8dff401e..dc25940e1 100644
--- a/mod/thewire/pages/thewire/owner.php
+++ b/mod/thewire/pages/thewire/owner.php
@@ -6,7 +6,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('thewire/all');
+ forward('', '404');
}
$title = elgg_echo('thewire:user', array($owner->name));