|
|
ed8799b |
From: Marina Glancy <marina@moodle.com>
|
|
|
ed8799b |
Date: Wed, 19 Apr 2017 04:04:47 +0000 (+0800)
|
|
|
ed8799b |
Subject: MDL-58635 blogs: check edited blog belongs to current user
|
|
|
ed8799b |
X-Git-Tag: v3.3.0-rc1~40
|
|
|
ed8799b |
X-Git-Url: https://git.moodle.org/gw?p=moodle.git;a=commitdiff_plain;h=b7fcd095825b808228d40f052deccd919e626381
|
|
|
ed8799b |
|
|
|
ed8799b |
MDL-58635 blogs: check edited blog belongs to current user
|
|
|
ed8799b |
---
|
|
|
ed8799b |
|
|
|
ed8799b |
diff --git a/lang/en/blog.php b/lang/en/blog.php
|
|
|
ed8799b |
index 2f5c5c6..9eb4b7a 100644
|
|
|
ed8799b |
--- a/lang/en/blog.php
|
|
|
ed8799b |
+++ b/lang/en/blog.php
|
|
|
ed8799b |
@@ -185,6 +185,7 @@ $string['viewmyentriesaboutcourse'] = 'View my entries about this course';
|
|
|
ed8799b |
$string['viewsiteentries'] = 'View all entries';
|
|
|
ed8799b |
$string['viewuserentries'] = 'View all entries by {$a}';
|
|
|
ed8799b |
$string['worldblogs'] = 'The world can read entries set to be world-accessible';
|
|
|
ed8799b |
+$string['wrongexternalid'] = 'Wrong external blog id';
|
|
|
ed8799b |
$string['wrongpostid'] = 'Wrong blog post id';
|
|
|
ed8799b |
$string['page-blog-edit'] = 'Blog editing pages';
|
|
|
ed8799b |
$string['page-blog-index'] = 'Blog listing pages';
|
|
|
ed8799b |
--- a/blog/external_blog_edit.php~ 2015-05-10 04:39:05.000000000 -0500
|
|
|
ed8799b |
+++ b/blog/external_blog_edit.php 2017-05-17 08:05:48.752003415 -0500
|
|
|
ed8799b |
@@ -52,11 +52,11 @@
|
|
|
ed8799b |
|
|
|
ed8799b |
$external = new stdClass();
|
|
|
ed8799b |
|
|
|
ed8799b |
-// Check that this id exists
|
|
|
ed8799b |
-if (!empty($id) && !$DB->record_exists('blog_external', array('id' => $id))) {
|
|
|
ed8799b |
- print_error('wrongexternalid', 'blog');
|
|
|
ed8799b |
-} elseif (!empty($id)) {
|
|
|
ed8799b |
- $external = $DB->get_record('blog_external', array('id' => $id));
|
|
|
ed8799b |
+// Retrieve the external blog record.
|
|
|
ed8799b |
+if (!empty($id)) {
|
|
|
ed8799b |
+ if (!$external = $DB->get_record('blog_external', array('id' => $id, 'userid' => $USER->id))) {
|
|
|
ed8799b |
+ print_error('wrongexternalid', 'blog');
|
|
|
ed8799b |
+ }
|
|
|
ed8799b |
}
|
|
|
ed8799b |
|
|
|
ed8799b |
$strformheading = ($action == 'edit') ? get_string('editexternalblog', 'blog') : get_string('addnewexternalblog', 'blog');
|