patch for the blogapi_get_post function

Hi all,

Inside function blogapi_get_post($req_params), it should check userId

$node = node_load(array('nid' => $params[0]));

+ if (!$node || $node->uid != $user->uid) {
+ return blogapi_error(message_na());
+ }

$blog = _blogapi_get_post($node, true);

Regards,

yysun
http://www.wbeditor.com

Comments

Comment #1

yysun commented 28 October 2004 at 17:37

maybe it should use

return blogapi_error(message_access());

Log in or register to post comments

Comment #2

yysun commented 31 October 2004 at 01:46

Maybe my last post set this issue to be "fixed". But it's not yet. Checked the CVS.

yysun
http://www.wbeditor.com

Log in or register to post comments

Comment #3

Prometheus6 commented 22 December 2004 at 18:09

The user is validated before the call to node_load()

$user = blogapi_validate_user($params[1], $params[2]);
if (!$user->uid) {
  return blogapi_error($user);
}

$node = node_load(array('nid' => $params[0]));

Log in or register to post comments