- Patch #10977 by Gerhard: added missing node access controls for RSS feeds.

4.5.x
Dries Buytaert 2004-09-21 18:43:54 +00:00
parent fbc6f16132
commit 4f5164c980
4 changed files with 8 additions and 8 deletions


@ -102,7 +102,7 @@ function blog_feed_user($uid = 0) {
$account = $user;
}
$result = db_query_range("SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.type = 'blog' AND u.uid = %d AND n.status = 1 ORDER BY n.created DESC", $uid, 0, 15);
$result = db_query_range('SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n '. node_access_join_sql() .' INNER JOIN {users} u ON n.uid = u.uid WHERE '. node_access_where_sql() ." AND n.type = 'blog' AND u.uid = %d AND n.status = 1 ORDER BY n.created DESC", $uid, 0, 15);
$channel['title'] = $account->name ."'s blog";
$channel['link'] = url("blog/$uid", NULL, NULL, TRUE);
$channel['description'] = $term->description;
@ -113,7 +113,7 @@ function blog_feed_user($uid = 0) {
* Displays an RSS feed containing recent blog entries of all users.
*/
function blog_feed_last() {
$result = db_query_range("SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 15);
$result = db_query_range('SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n '. node_access_join_sql() .' INNER JOIN {users} u ON n.uid = u.uid WHERE '. node_access_where_sql() ." AND n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 15);
$channel['title'] = variable_get('site_name', 'drupal') .' blogs';
$channel['link'] = url('blog', NULL, NULL, TRUE);
$channel['description'] = $term->description;
@ -160,7 +160,7 @@ function blog_page_last() {
$output = '';
$result = pager_query('SELECT DISTINCT(n.nid), n.created FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
$result = pager_query('SELECT DISTINCT(n.nid), n.created FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
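Review bot: The rewritten queries in blog_feed_user() and blog_feed_last() join through node_access_join_sql() without de-duplicating, whereas blog_page_last() in the third hunk selects `DISTINCT(n.nid)` over the same join. If a node can match more than one access grant row for the current user (not visible here, so worth confirming), the feed would repeat that entry and the duplicates would use up the 15-row limit. Starting both feed queries with `'SELECT DISTINCT(n.nid), n.title, n.teaser, n.created, u.name, u.uid FROM {node} n '` would keep them consistent with the page query. The same applies to the identical copy of this file section further down the page; which side of each printed pair is new is inferred from the commit title, since the +/- markers were lost.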


@ -102,7 +102,7 @@ function blog_feed_user($uid = 0) {
$account = $user;
}
$result = db_query_range("SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.type = 'blog' AND u.uid = %d AND n.status = 1 ORDER BY n.created DESC", $uid, 0, 15);
$result = db_query_range('SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n '. node_access_join_sql() .' INNER JOIN {users} u ON n.uid = u.uid WHERE '. node_access_where_sql() ." AND n.type = 'blog' AND u.uid = %d AND n.status = 1 ORDER BY n.created DESC", $uid, 0, 15);
$channel['title'] = $account->name ."'s blog";
$channel['link'] = url("blog/$uid", NULL, NULL, TRUE);
$channel['description'] = $term->description;
@ -113,7 +113,7 @@ function blog_feed_user($uid = 0) {
* Displays an RSS feed containing recent blog entries of all users.
*/
function blog_feed_last() {
$result = db_query_range("SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 15);
$result = db_query_range('SELECT n.nid, n.title, n.teaser, n.created, u.name, u.uid FROM {node} n '. node_access_join_sql() .' INNER JOIN {users} u ON n.uid = u.uid WHERE '. node_access_where_sql() ." AND n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 15);
$channel['title'] = variable_get('site_name', 'drupal') .' blogs';
$channel['link'] = url('blog', NULL, NULL, TRUE);
$channel['description'] = $term->description;
@ -160,7 +160,7 @@ function blog_page_last() {
$output = '';
$result = pager_query('SELECT DISTINCT(n.nid), n.created FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
$result = pager_query('SELECT DISTINCT(n.nid), n.created FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);


@ -1002,7 +1002,7 @@ function node_feed($nodes = 0, $channel = array()) {
global $base_url, $locale;
if (!$nodes) {
$nodes = db_query_range('SELECT nid FROM {node} WHERE promote = 1 AND status = 1 ORDER BY created DESC', 0, 15);
$nodes = db_query_range('SELECT n.nid FROM {node} n '. node_access_join_sql() .' WHERE '. node_access_where_sql() .' AND n.promote = 1 AND n.status = 1 ORDER BY n.created DESC', 0, 15);
}
while ($node = db_fetch_object($nodes)) {
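Review bot: The access filter is added only to the default query inside `if (!$nodes)`, so a result set passed in by a caller is emitted unchanged and node_feed() depends on every caller having applied node_access_join_sql() and node_access_where_sql() itself. The blog feeds in this commit do so, but other callers are not visible on this page and should be checked. A docblock line such as `Callers that pass $nodes must already restrict their query with node_access_join_sql() and node_access_where_sql().` would record that contract; alternatively, the loop could skip any loaded node that fails `node_access('view', ...)`, which would enforce it in one place. The loop body lies outside the hunk, and the same point applies to the identical copy of this section below.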


@ -1002,7 +1002,7 @@ function node_feed($nodes = 0, $channel = array()) {
global $base_url, $locale;
if (!$nodes) {
$nodes = db_query_range('SELECT nid FROM {node} WHERE promote = 1 AND status = 1 ORDER BY created DESC', 0, 15);
$nodes = db_query_range('SELECT n.nid FROM {node} n '. node_access_join_sql() .' WHERE '. node_access_where_sql() .' AND n.promote = 1 AND n.status = 1 ORDER BY n.created DESC', 0, 15);
}
while ($node = db_fetch_object($nodes)) {