jangaraev committed Jul 3, 2017
1 parent 4abfe96 commit 8c08d7b
Showing 2 changed files with 13 additions and 6 deletions.
13 changes: 10 additions & 3 deletions modules/blog/index.php
Expand Up @@ -89,8 +89,7 @@
$messages[] = iaLanguage::get('title_is_empty');
}

$entry['body'] = iaUtil::safeHTML($_POST['body']);
utf8_is_valid($entry['body']) || $entry['body'] = utf8_bad_replace($entry['body']);
$entry['body'] = iaUtil::safeHTML(utf8_bad_replace($_POST['body']));

if (empty($entry['body'])) {
$messages[] = iaLanguage::getf('field_is_empty', ['field' => iaLanguage::get('body')]);
Expand Down Expand Up @@ -151,13 +150,21 @@
return iaView::errorPage(iaView::ERROR_NOT_FOUND);
}

if (!iaUsers::hasIdentity()) {
return iaView::errorPage(iaView::ERROR_UNAUTHORIZED);
}

$id = (int)$iaCore->requestPath[0];
$entry = $iaDb->row(iaDb::ALL_COLUMNS_SELECTION, iaDb::convertIds($id));
$entry = $iaBlog->getById($id);

if (!$entry) {
return iaView::errorPage(iaView::ERROR_NOT_FOUND);
}

if ($entry['member_id'] != iaUsers::getIdentity()->id) {
return iaView::errorPage(iaView::ERROR_FORBIDDEN);
}

$result = $iaBlog->delete($id);

$iaView->setMessages(iaLanguage::get($result ? 'deleted' : 'db_error'), $result ? iaView::SUCCESS : iaView::ERROR);
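Review bot: The ownership test added before `$iaBlog->delete($id)` uses loose `!=`, so PHP type juggling takes part in an authorization decision; cast both sides and compare strictly, `if ((int)$entry['member_id'] !== (int)iaUsers::getIdentity()->id) {`. The deletion is keyed only on the id read from `$iaCore->requestPath[0]`, and no request-method or anti-CSRF token check is visible in this hunk. The handler starts and ends outside the hunk, so confirm that the surrounding code rejects cross-site requests before this state change runs. The edit path touched by the first hunk is not shown with an equivalent `member_id` check, so it is worth verifying that it enforces the same rule.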
6 changes: 3 additions & 3 deletions modules/blog/install.xml
Expand Up @@ -31,9 +31,9 @@
<object meta_object="admin_page" id="blog" action="delete" access="1">Delete blog entry</object>

<object id="blog" access="1">View blog entries</object>
<object id="blog" action="add" access="0">Add blog entry</object>
<object id="blog" action="edit" access="0">Edit blog entry</object>
<object id="blog" action="delete" access="0">Delete blog entry</object>
<object id="blog" action="add" access="1">Add blog entry</object>
<object id="blog" action="edit" access="1">Edit blog entry</object>
<object id="blog" action="delete" access="1">Delete blog entry</object>
</permissions>

<phrases>
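Review bot: Flipping `add`, `edit` and `delete` from `access="0"` to `access="1"` appears to grant these front-end actions by default (inferred from the neighbouring "View blog entries" line), which would leave the checks in `modules/blog/index.php` as the only control. This commit adds an identity and ownership check to the delete branch only, so confirm that the add and edit branches enforce the same rules before the default is opened. A short comment above the three lines would record the dependency, for example `<!-- access="1": allowed by default; ownership is enforced in modules/blog/index.php -->`. If this file is only read at install time, existing installations presumably keep the old values and may need a separate upgrade step.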

1 comment on commit 8c08d7b

@rudSarkar

Nice Fix
Thanks
