fixing blog logs, also added code to prevent browsing blogs using other user's userid

2025-04-20 16:04:25 +02:00 · 2006-05-01 06:23:41 +00:00 · 2006-05-01 06:23:41 +00:00 · 14148bc2db
commit 14148bc2db
parent bd7be234ee
3 changed files with 18 additions and 13 deletions
--- a/blog/edit.php
+++ b/blog/edit.php
@ -251,7 +251,7 @@ function do_save($post) {
        }
        //record a log message of this entry addition
        if ($site = get_site()) {
-            add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, 'created new blog entry with entry id# '. $entryID);
+            add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, $blogEntry->subject);
        }
        
        redirect($referrer);
@ -315,7 +315,7 @@ function do_update($post) {

        //record a log message of this entry update action
        if ($site = get_site()) {
-            add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, 'updated existing blog entry with entry id# '. $post->postid);
+            add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $post->postid, $blogEntry->subject);
        }
        
        redirect($referrer);
--- a/blog/index.php
+++ b/blog/index.php
@ -87,14 +87,14 @@ if ($filtertype) {

 switch ($filtertype) {
    case 'site':
-        if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
+        if ($CFG->bloglevel < BLOG_SITE_LEVEL && (!isadmin())) {
            error ('site blogs is not enabled');
        } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
            require_login();
        }
    break;
    case 'course':
-        if ($CFG->bloglevel < BLOG_COURSE_LEVEL) {
+        if ($CFG->bloglevel < BLOG_COURSE_LEVEL && (!isadmin())) {
            error ('course blogs is not enabled');
        }

@ -104,7 +104,7 @@ switch ($filtertype) {
        /// check if viewer is student
    break;
    case 'group':
-        if ($CFG->bloglevel < BLOG_GROUP_LEVEL) {
+        if ($CFG->bloglevel < BLOG_GROUP_LEVEL && (!isadmin())) {
            error ('group blogs is not enabled');
        }
        if (!isteacheredit($course) and (groupmode($course) == SEPARATEGROUPS)) {
@ -115,7 +115,7 @@ switch ($filtertype) {
        /// check if user is editting teacher, or if spg, is member
    break;
    case 'user':
-        if ($CFG->bloglevel < BLOG_USER_LEVEL) {
+        if ($CFG->bloglevel < BLOG_USER_LEVEL && (!isadmin())) {
            error ('Blogs is not enabled');
        }
        
--- a/blog/lib.php
+++ b/blog/lib.php
@ -370,14 +370,19 @@

            if ($post = get_record('post', 'id', $postid)) {

-                if ($user = get_record('user', 'id', $post->userid)) {
-                    $post->email = $user->email;
-                    $post->firstname = $user->firstname;
-                    $post->lastname = $user->lastname;
-                }
-                $retarray[] = $post;
-                return $retarray;
+                if (blog_user_can_view_user_post($post->userid)) {

+                    if ($user = get_record('user', 'id', $post->userid)) {
+                        $post->email = $user->email;
+                        $post->firstname = $user->firstname;
+                        $post->lastname = $user->lastname;
+                    }
+                    $retarray[] = $post;
+                    return $retarray;
+                } else {
+                    return null;
+                }
+                
            } else { // bad postid
                return null;
            }