From bdc6ae790e1fad43e19957043e8745bb1aff839d Mon Sep 17 00:00:00 2001
From: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Thu, 25 Mar 2010 19:29:41 +0000
Subject: Added access controls to blog archive grabbing function. Corrected
 weird logic for checking validity of blog entities while displaying posts.

git-svn-id: http://code.elgg.org/elgg/trunk@5506 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/blog/blog_lib.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'mod/blog/blog_lib.php')

diff --git a/mod/blog/blog_lib.php b/mod/blog/blog_lib.php
index 8c09260a3..2a52b7cd3 100644
--- a/mod/blog/blog_lib.php
+++ b/mod/blog/blog_lib.php
@@ -22,11 +22,11 @@ function blog_get_page_content_read($owner_guid = NULL, $guid = NULL) {
 	if ($guid) {
 		$blog = get_entity($guid);
 
-		if (!elgg_instanceof($blog, 'object', 'blog') && $blog->status == 'final') {
-			$content .= elgg_echo('blog:error:post_not_found');
-		} else {
+		if (elgg_instanceof($blog, 'object', 'blog') && $blog->status == 'final') {
 			elgg_push_breadcrumb($blog->title, $blog->getURL());
 			$content .= elgg_view_entity($blog, TRUE);
+		} else {
+			$content .= elgg_echo('blog:error:post_not_found');
 		}
 	} else {
 		$options = array(
@@ -201,6 +201,8 @@ function blog_get_blog_months($user_guid = NULL, $container_guid = NULL) {
 		$q .= " AND e.container_guid = $container_guid";
 	}
 
+	$q .= ' AND ' . get_access_sql_suffix('e');
+
 	return get_data($q);
 }
 
-- 
cgit v1.2.3