aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/blog/languages/en.php1
-rw-r--r--mod/blog/lib/blog.php2
-rw-r--r--mod/bookmarks/pages/bookmarks/view.php4
-rw-r--r--mod/file/pages/file/view.php4
-rw-r--r--mod/pages/pages/pages/view.php4
-rw-r--r--mod/thewire/pages/thewire/view.php4
6 files changed, 14 insertions, 5 deletions
diff --git a/mod/blog/languages/en.php b/mod/blog/languages/en.php
index e1930b916..5248a6f51 100644
--- a/mod/blog/languages/en.php
+++ b/mod/blog/languages/en.php
@@ -41,7 +41,6 @@ $english = array(
'blog:message:saved' => 'Blog post saved.',
'blog:error:cannot_save' => 'Cannot save blog post.',
'blog:error:cannot_write_to_container' => 'Insufficient access to save blog to group.',
- 'blog:error:post_not_found' => 'This post has been removed, is invalid, or you do not have permission to view it.',
'blog:messages:warning:draft' => 'There is an unsaved draft of this post!',
'blog:edit_revision_notice' => '(Old version)',
'blog:message:deleted_post' => 'Blog post deleted.',
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 286fe1832..9d6cb37e7 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -22,7 +22,7 @@ function blog_get_page_content_read($guid = NULL) {
$return['filter'] = '';
if (!elgg_instanceof($blog, 'object', 'blog')) {
- $return['content'] = elgg_echo('blog:error:post_not_found');
+ $return['content'] = elgg_echo('noaccess');
return $return;
}
diff --git a/mod/bookmarks/pages/bookmarks/view.php b/mod/bookmarks/pages/bookmarks/view.php
index 2439d2ee8..c819b8b41 100644
--- a/mod/bookmarks/pages/bookmarks/view.php
+++ b/mod/bookmarks/pages/bookmarks/view.php
@@ -6,6 +6,10 @@
*/
$bookmark = get_entity(get_input('guid'));
+if (!$bookmark) {
+ register_error(elgg_echo('noaccess'));
+ forward('');
+}
$page_owner = elgg_get_page_owner_entity();
diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php
index a571c9d68..ec51b30e6 100644
--- a/mod/file/pages/file/view.php
+++ b/mod/file/pages/file/view.php
@@ -6,6 +6,10 @@
*/
$file = get_entity(get_input('guid'));
+if (!$file) {
+ register_error(elgg_echo('noaccess'));
+ forward('');
+}
$owner = elgg_get_page_owner_entity();
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 81477a8d4..6b9d03f49 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -8,6 +8,7 @@
$page_guid = get_input('guid');
$page = get_entity($page_guid);
if (!$page) {
+ register_error(elgg_echo('noaccess'));
forward();
}
@@ -32,7 +33,8 @@ elgg_push_breadcrumb($title);
$content = elgg_view_entity($page, array('full_view' => true));
$content .= elgg_view_comments($page);
-if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
+// can add subpage if can edit this page and write to container (such as a group)
+if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) {
$url = "pages/add/$page->guid";
elgg_register_menu_item('title', array(
'name' => 'subpage',
diff --git a/mod/thewire/pages/thewire/view.php b/mod/thewire/pages/thewire/view.php
index f45f94bfe..1818e725a 100644
--- a/mod/thewire/pages/thewire/view.php
+++ b/mod/thewire/pages/thewire/view.php
@@ -5,8 +5,8 @@
$post = get_entity(get_input('guid'));
if (!$post) {
- // @todo need special handling for not getting access to entity (check for existence, access)
- forward();
+ register_error(elgg_echo('noaccess'));
+ forward('');
}
$owner = $post->getOwnerEntity();
if (!$owner) {