Diffstat (limited to 'mod/blog')
-rw-r--r-- | mod/blog/actions/blog/auto_save_revision.php | 2 | ||||
-rw-r--r-- | mod/blog/actions/blog/save.php | 10 | ||||
-rw-r--r-- | mod/blog/languages/en.php | 1 | ||||
-rw-r--r-- | mod/blog/lib/blog.php | 8 | ||||
-rw-r--r-- | mod/blog/start.php | 2 | ||||
-rw-r--r-- | mod/blog/views/default/js/blog/save_draft.php | 6 | ||||
-rw-r--r-- | mod/blog/views/default/object/blog.php | 3 |
7 files changed, 16 insertions, 16 deletions
diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php index 66b65c5fd..e33edfaab 100644 --- a/mod/blog/actions/blog/auto_save_revision.php +++ b/mod/blog/actions/blog/auto_save_revision.php @@ -7,7 +7,7 @@ $guid = get_input('guid'); $user = elgg_get_logged_in_user_entity(); -$title = get_input('title'); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $description = get_input('description'); $excerpt = get_input('excerpt'); diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php index 8923cd0d2..070c96398 100644 --- a/mod/blog/actions/blog/save.php +++ b/mod/blog/actions/blog/save.php @@ -57,7 +57,11 @@ $required = array('title', 'description'); // load from POST and do sanity and access checking foreach ($values as $name => $default) { - $value = get_input($name, $default); + if ($name === 'title') { + $value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8'); + } else { + $value = get_input($name, $default); + } if (in_array($name, $required) && empty($value)) { $error = elgg_echo("blog:error:missing:$name"); @@ -145,7 +149,7 @@ if (!$error) { // add to river if changing status or published, regardless of new post // because we remove it for drafts. if (($new_post || $old_status == 'draft') && $status == 'published') { - add_to_river('river/object/blog/create', 'create', elgg_get_logged_in_user_guid(), $blog->getGUID()); + add_to_river('river/object/blog/create', 'create', $blog->owner_guid, $blog->getGUID()); if ($guid) { $blog->time_created = time(); @@ -170,4 +174,4 @@ if (!$error) { } else { register_error($error); forward($error_forward_url); -}
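Review bot: The new `$title` line encodes at input time and passes `false` as the third argument to `get_input()`, so the stored title is HTML entities rather than the text the author typed, and the framework's own input filtering appears to be skipped for this field. Every consumer then has to know the value is already encoded: a view that escapes again will double-encode it (`&` ends up as `&amp;amp;`), and non-HTML outputs such as feeds, notification subjects or JSON will carry entities. The same pattern is added for `title` in the `foreach ($values as $name => $default)` hunk of `actions/blog/save.php`. I would add a comment on both lines stating the contract, e.g. `// title is stored HTML-encoded; views must not escape it again`, and confirm that `htmlspecialchars()` is never handed an array when a request sends `title[]`.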
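Review bot: The river entry in the `@@ -145,7 +149,7 @@` hunk of `save.php` is now attributed to `$blog->owner_guid` instead of the logged-in user, so when someone other than the owner publishes the post (an admin editing a draft, for example) the activity stream names the owner as the actor. If that is intended, the line needs a comment saying so, e.g. `// river subject is the post owner, not the user who pressed publish`. If the river is relied on as an audit trail, the acting user is no longer recorded here. The enclosing `if (!$error)` block starts and ends outside the hunk.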
\ No newline at end of file +} diff --git a/mod/blog/languages/en.php b/mod/blog/languages/en.php index e1930b916..5248a6f51 100644 --- a/mod/blog/languages/en.php +++ b/mod/blog/languages/en.php @@ -41,7 +41,6 @@ $english = array( 'blog:message:saved' => 'Blog post saved.', 'blog:error:cannot_save' => 'Cannot save blog post.', 'blog:error:cannot_write_to_container' => 'Insufficient access to save blog to group.', - 'blog:error:post_not_found' => 'This post has been removed, is invalid, or you do not have permission to view it.', 'blog:messages:warning:draft' => 'There is an unsaved draft of this post!', 'blog:edit_revision_notice' => '(Old version)', 'blog:message:deleted_post' => 'Blog post deleted.', diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index 286fe1832..4622a9e7e 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -22,11 +22,12 @@ function blog_get_page_content_read($guid = NULL) { $return['filter'] = ''; if (!elgg_instanceof($blog, 'object', 'blog')) { - $return['content'] = elgg_echo('blog:error:post_not_found'); - return $return; + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); } - $return['title'] = htmlspecialchars($blog->title); + $return['title'] = $blog->title; $container = $blog->getContainerEntity(); $crumbs_title = $container->name; @@ -271,7 +272,6 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $vars = array(); $vars['id'] = 'blog-post-edit'; - $vars['name'] = 'blog_post'; $vars['class'] = 'elgg-form-alt'; if ($page == 'edit') { diff --git a/mod/blog/start.php b/mod/blog/start.php index 73056f1c9..9faf1794e 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php 
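Review bot: `$return['title'] = $blog->title;` in `blog_get_page_content_read()` drops the output-side `htmlspecialchars()`, so the page title is only safe if every stored title was encoded when it was written. Posts saved before this commit, and titles set by any code path other than the two blog actions changed here, would reach the title unencoded; whether the layout escapes `title` again is not visible in this hunk. Either keep the output encoding with `htmlspecialchars($blog->title, ENT_QUOTES, 'UTF-8', false)` (the final `false` avoids double-encoding titles that are already encoded) or document the new contract and migrate existing data. The not-found branch also relies on `forward('')` never returning, since the old `return $return;` is gone and the next line dereferences `$blog`; the function continues past the hunk.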
@@ -60,7 +60,7 @@ function blog_init() { elgg_extend_view('groups/tool_latest', 'blog/group_module'); // add a blog widget - elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description'), 'profile'); + elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description')); // register actions $action_path = elgg_get_plugins_path() . 'blog/actions/blog'; diff --git a/mod/blog/views/default/js/blog/save_draft.php b/mod/blog/views/default/js/blog/save_draft.php index 8a994ffb0..8cd07ff5d 100644 --- a/mod/blog/views/default/js/blog/save_draft.php +++ b/mod/blog/views/default/js/blog/save_draft.php @@ -12,7 +12,7 @@ elgg.provide('elgg.blog'); */ elgg.blog.saveDraftCallback = function(data, textStatus, XHR) { if (textStatus == 'success' && data.success == true) { - var form = $('form[name=blog_post]'); + var form = $('form[id=blog-post-edit]'); // update the guid input element for new posts that now have a guid form.find('input[name=guid]').val(data.guid); @@ -36,7 +36,7 @@ elgg.blog.saveDraft = function() { } // only save on changed content - var form = $('form[name=blog_post]'); + var form = $('form[id=blog-post-edit]'); var description = form.find('textarea[name=description]').val(); var title = form.find('input[name=title]').val(); @@ -59,7 +59,7 @@ elgg.blog.saveDraft = function() { elgg.blog.init = function() { // get a copy of the body to compare for auto save - oldDescription = $('form[name=blog_post]').find('textarea[name=description]').val(); + oldDescription = $('form[id=blog-post-edit]').find('textarea[name=description]').val(); setInterval(elgg.blog.saveDraft, 60000); }; diff --git a/mod/blog/views/default/object/blog.php b/mod/blog/views/default/object/blog.php index aa8074a69..4403a6006 100644 --- a/mod/blog/views/default/object/blog.php +++ b/mod/blog/views/default/object/blog.php 
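Review bot: The three new selectors in `save_draft.php` use the attribute form `form[id=blog-post-edit]` where an id selector is the usual way to address an element by id, so `$('#blog-post-edit')` would read better in `saveDraftCallback`, `saveDraft` and `init`. The same lookup is now repeated in all three functions, so one cached reference or a small helper would keep the form id in a single place the next time the view changes. `oldDescription` in `init` is assigned without `var` in the lines shown, so it presumably lives in the global scope; a comment stating that this is deliberate would help.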
@@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array( 'is_trusted' => true, )); $author_text = elgg_echo('byline', array($owner_link)); -$tags = elgg_view('output/tags', array('tags' => $blog->tags)); $date = elgg_view_friendly_time($blog->time_created); // The "on" status changes for comments, so best to check for !Off @@ -74,7 +73,6 @@ if ($full) { 'title' => false, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -92,7 +90,6 @@ if ($full) { 'entity' => $blog, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; |