diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/blog/languages/en.php | 1 | ||||
-rw-r--r-- | mod/blog/lib/blog.php | 2 | ||||
-rw-r--r-- | mod/bookmarks/pages/bookmarks/view.php | 4 | ||||
-rw-r--r-- | mod/file/pages/file/view.php | 4 | ||||
-rw-r--r-- | mod/pages/pages/pages/view.php | 4 | ||||
-rw-r--r-- | mod/thewire/pages/thewire/view.php | 4 |
6 files changed, 14 insertions, 5 deletions
diff --git a/mod/blog/languages/en.php b/mod/blog/languages/en.php index e1930b916..5248a6f51 100644 --- a/mod/blog/languages/en.php +++ b/mod/blog/languages/en.php @@ -41,7 +41,6 @@ $english = array( 'blog:message:saved' => 'Blog post saved.', 'blog:error:cannot_save' => 'Cannot save blog post.', 'blog:error:cannot_write_to_container' => 'Insufficient access to save blog to group.', - 'blog:error:post_not_found' => 'This post has been removed, is invalid, or you do not have permission to view it.', 'blog:messages:warning:draft' => 'There is an unsaved draft of this post!', 'blog:edit_revision_notice' => '(Old version)', 'blog:message:deleted_post' => 'Blog post deleted.', diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index 286fe1832..9d6cb37e7 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -22,7 +22,7 @@ function blog_get_page_content_read($guid = NULL) { $return['filter'] = ''; if (!elgg_instanceof($blog, 'object', 'blog')) { - $return['content'] = elgg_echo('blog:error:post_not_found'); + $return['content'] = elgg_echo('noaccess'); return $return; } diff --git a/mod/bookmarks/pages/bookmarks/view.php b/mod/bookmarks/pages/bookmarks/view.php index 2439d2ee8..c819b8b41 100644 --- a/mod/bookmarks/pages/bookmarks/view.php +++ b/mod/bookmarks/pages/bookmarks/view.php @@ -6,6 +6,10 @@ */ $bookmark = get_entity(get_input('guid')); +if (!$bookmark) { + register_error(elgg_echo('noaccess')); + forward(''); +} $page_owner = elgg_get_page_owner_entity(); diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php index a571c9d68..ec51b30e6 100644 --- a/mod/file/pages/file/view.php +++ b/mod/file/pages/file/view.php @@ -6,6 +6,10 @@ */ $file = get_entity(get_input('guid')); +if (!$file) { + register_error(elgg_echo('noaccess')); + forward(''); +} $owner = elgg_get_page_owner_entity(); diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php index 81477a8d4..6b9d03f49 100644 --- a/mod/pages/pages/pages/view.php +++ b/mod/pages/pages/pages/view.php @@ -8,6 +8,7 @@ $page_guid = get_input('guid'); $page = get_entity($page_guid); if (!$page) { + register_error(elgg_echo('noaccess')); forward(); } @@ -32,7 +33,8 @@ elgg_push_breadcrumb($title); $content = elgg_view_entity($page, array('full_view' => true)); $content .= elgg_view_comments($page); -if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { +// can add subpage if can edit this page and write to container (such as a group) +if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) { $url = "pages/add/$page->guid"; elgg_register_menu_item('title', array( 'name' => 'subpage', diff --git a/mod/thewire/pages/thewire/view.php b/mod/thewire/pages/thewire/view.php index f45f94bfe..1818e725a 100644 --- a/mod/thewire/pages/thewire/view.php +++ b/mod/thewire/pages/thewire/view.php @@ -5,8 +5,8 @@ $post = get_entity(get_input('guid')); if (!$post) { - // @todo need special handling for not getting access to entity (check for existence, access) - forward(); + register_error(elgg_echo('noaccess')); + forward(''); } $owner = $post->getOwnerEntity(); if (!$owner) { |