From: Marina Glancy <marina@moodle.com>

Date: Wed, 19 Apr 2017 04:04:47 +0000 (+0800)

Subject: MDL-58635 blogs: check edited blog belongs to current user

X-Git-Tag: v3.3.0-rc1~40

X-Git-Url: https://git.moodle.org/gw?p=moodle.git;a=commitdiff_plain;h=b7fcd095825b808228d40f052deccd919e626381

MDL-58635 blogs: check edited blog belongs to current user

---

diff --git a/lang/en/blog.php b/lang/en/blog.php

index 2f5c5c6..9eb4b7a 100644

--- a/lang/en/blog.php

+++ b/lang/en/blog.php

@@ -185,6 +185,7 @@ $string['viewmyentriesaboutcourse'] = 'View my entries about this course';

 $string['viewsiteentries'] = 'View all entries';

 $string['viewuserentries'] = 'View all entries by {$a}';

 $string['worldblogs'] = 'The world can read entries set to be world-accessible';

+$string['wrongexternalid'] = 'Wrong external blog id';

 $string['wrongpostid'] = 'Wrong blog post id';

 $string['page-blog-edit'] = 'Blog editing pages';

 $string['page-blog-index'] = 'Blog listing pages';

--- a/blog/external_blog_edit.php~	2015-05-10 04:39:05.000000000 -0500

+++ b/blog/external_blog_edit.php	2017-05-17 08:05:48.752003415 -0500

@@ -52,11 +52,11 @@

 $external = new stdClass();

-// Check that this id exists

-if (!empty($id) && !$DB->record_exists('blog_external', array('id' => $id))) {

-    print_error('wrongexternalid', 'blog');

-} elseif (!empty($id)) {

-    $external = $DB->get_record('blog_external', array('id' => $id));

+// Retrieve the external blog record.

+if (!empty($id)) {

+    if (!$external = $DB->get_record('blog_external', array('id' => $id, 'userid' => $USER->id))) {

+        print_error('wrongexternalid', 'blog');

+    }

 }

 $strformheading = ($action == 'edit') ? get_string('editexternalblog', 'blog') : get_string('addnewexternalblog', 'blog');