merged fix for a bug where user can view site blogs when not logged in

janschrage · Jul 18, 2006 · 626fddc · 626fddc
1 parent 3279a35
commit 626fddc
Showing 1 changed file with 25 additions and 14 deletions.
diff --git a/blog/lib.php b/blog/lib.php
@@ -408,8 +408,8 @@ function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $fil
 
             case 'site':
 
-                if (!isguest() && isloggedin()) {
-
+                if (isloggedin()) {
+					
                     $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
                             .$CFG->prefix.'user u
                             WHERE p.userid = u.id '.$tagquerysql.'
@@ -469,22 +469,33 @@ function fetch_entries($userid, $postid='', $fetchlimit=10, $fetchstart='', $fil
 
             case 'group':
 
-                $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
-                        .$CFG->prefix.'groups_members m, '.$CFG->prefix.'user u
-                        WHERE p.userid = m.userid '.$tagquerysql.'
-                        AND u.id = p.userid
-                        AND m.groupid = '.$filterselect.'
-                        AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
+				$SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
+	                    .$CFG->prefix.'groups_members m, '.$CFG->prefix.'user u
+	                    WHERE p.userid = m.userid '.$tagquerysql.'
+	                    AND u.id = p.userid
+	                    AND m.groupid = '.$filterselect.'
+	                    AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
 
             break;
 
             case 'user':
-
-                $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
-                        .$CFG->prefix.'user u
-                        WHERE p.userid = u.id '.$tagquerysql.'
-                        AND u.id = '.$filterselect.'
-                        AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
+
+				if (isloggedin()) {
+
+	                $SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
+	                        .$CFG->prefix.'user u
+	                        WHERE p.userid = u.id '.$tagquerysql.'
+	                        AND u.id = '.$filterselect.'
+	                        AND (p.publishstate = \'site\' OR p.publishstate = \'public\' OR p.userid = '.$USER->id.')';
+	            } else {
+
+					$SQL = 'SELECT '.$requiredfields.' FROM '.$CFG->prefix.'post p, '.$tagtablesql
+	                        .$CFG->prefix.'user u
+	                        WHERE p.userid = u.id '.$tagquerysql.'
+	                        AND u.id = '.$filterselect.'
+	                        AND p.publishstate = \'public\'';	              
+
+	            }
 
             break;