
fixed a bug where user can view site posts when not logged in

1 parent 23ea06d commit 14080bd00ad9c164a3039d997cb4c7a9aec83039 toyomoyo committed Jul 18, 2006
Showing with 25 additions and 14 deletions.
  1. +25 −14 blog/lib.php
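--- a/blog/lib.php
+++ b/blog/lib.php
@@ -408,8 +408,8 @@ function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $fil
 case 'site':
- if (!isguest() && isloggedin()) {
-
+ if (isloggedin()) {
+
 $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
 .$CFG->prefix.'user u
 WHERE p.userid = u.id '.$tagquerysql.'
@@ -469,22 +469,33 @@ function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $fil
 case 'group':
- $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
- .$CFG->prefix.'groups_members m, '.$CFG->prefix.'user u
- WHERE p.userid = m.userid '.$tagquerysql.'
- AND u.id = p.userid
- AND m.groupid = '.$filterselect.'
- AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
+ $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
+ .$CFG->prefix.'groups_members m, '.$CFG->prefix.'user u
+ WHERE p.userid = m.userid '.$tagquerysql.'
+ AND u.id = p.userid
+ AND m.groupid = '.$filterselect.'
+ AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
 break;
 case 'user':
-
- $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
- .$CFG->prefix.'user u
- WHERE p.userid = u.id '.$tagquerysql.'
- AND u.id = '.$filterselect.'
- AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
+
+ if (isloggedin()) {
+
+ $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
+ .$CFG->prefix.'user u
+ WHERE p.userid = u.id '.$tagquerysql.'
+ AND u.id = '.$filterselect.'
+ AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
+ } else {
+
+ $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
+ .$CFG->prefix.'user u
+ WHERE p.userid = u.id '.$tagquerysql.'
+ AND u.id = '.$filterselect.'
+ AND p.publishstate = \'public\'';
+
+ }
 break;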
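Review bot: The `case 'group'` query is only re-indented, so it still returns `publishstate = 'site'` posts and interpolates `$USER->id` with no `isloggedin()` check, which leaves the exposure this commit closes in `case 'user'` reachable through the group filter. The visibility predicate would be better built once from `isloggedin()` and reused by both branches, as sketched below for the group branch. In `case 'site'` the dropped `!isguest()` test means a guest session now takes the logged-in branch, assuming `isloggedin()` is true for the guest account; that should be confirmed as intended. `$filterselect` is concatenated unquoted into these queries and its validation is not visible in the hunks, so an `(int)` cast at the point of use is worth adding. The body of `fetch_entries` starts and ends outside the hunks shown.

```php
case 'group':
    // Anonymous visitors may only see posts published as 'public'.
    if (isloggedin()) {
        $visibilitysql = '(p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.(int)$USER->id.')';
    } else {
        $visibilitysql = 'p.publishstate = \'public\'';
    }
    $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
            .$CFG->prefix.'groups_members m, '.$CFG->prefix.'user u
            WHERE p.userid = m.userid '.$tagquerysql.'
            AND u.id = p.userid
            AND m.groupid = '.(int)$filterselect.'
            AND '.$visibilitysql;
    break;
// … unchanged: case 'user' with its isloggedin() split …
```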
