diff options
| author | Dries Buytaert <dries@buytaert.net> | 2004-09-21 18:43:54 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2004-09-21 18:43:54 +0000 |
| commit | 4f5164c980f0ca5ca68ac861a313f6d1eb53cf71 (patch) | |
| tree | 78a399d8bd84c306b562ad68814939b2313e744c /modules/blog | |
| parent | fbc6f161329af72bd0ebaf0fef617d3dc5257494 (diff) | |
| download | brdo-4f5164c980f0ca5ca68ac861a313f6d1eb53cf71.tar.gz brdo-4f5164c980f0ca5ca68ac861a313f6d1eb53cf71.tar.bz2 | |
- Patch #10977 by Gerhard: added missing node access controls for RSS feeds.
Diffstat (limited to 'modules/blog')
| -rw-r--r-- | modules/blog/blog.module | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/blog/blog.module b/modules/blog/blog.module index beec0eb5f..981aa7452 100644 --- a/modules/blog/blog.module +++ b/modules/blog/blog.module @@ -102,7 +102,7 @@ function blog_feed_user($uid = 0) { $account = $user; } - $result = db_query_range("SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.type = 'blog' AND u.uid = %d AND n.status = 1 ORDER BY n.created DESC", $uid, 0, 15); + $result = db_query_range('SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n '. node_access_join_sql() .' INNER JOIN {users} u ON n.uid = u.uid WHERE '. node_access_where_sql() ." AND n.type = 'blog' AND u.uid = %d AND n.status = 1 ORDER BY n.created DESC", $uid, 0, 15); $channel['title'] = $account->name ."'s blog"; $channel['link'] = url("blog/$uid", NULL, NULL, TRUE); $channel['description'] = $term->description; @@ -113,7 +113,7 @@ function blog_feed_user($uid = 0) { * Displays an RSS feed containing recent blog entries of all users. */ function blog_feed_last() { - $result = db_query_range("SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 15); + $result = db_query_range('SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n '. node_access_join_sql() .' INNER JOIN {users} u ON n.uid = u.uid WHERE '. node_access_where_sql() ." AND n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 15); $channel['title'] = variable_get('site_name', 'drupal') .' blogs'; $channel['link'] = url('blog', NULL, NULL, TRUE); $channel['description'] = $term->description; @@ -160,7 +160,7 @@ function blog_page_last() { $output = ''; - $result = pager_query('SELECT DISTINCT(n.nid), n.created FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10)); + $result = pager_query('SELECT DISTINCT(n.nid), n.created FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10)); while ($node = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $node->nid)), 1); |