aboutsummaryrefslogtreecommitdiff
path: root/mod/blog/start.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/blog/start.php')
-rw-r--r--mod/blog/start.php15
1 files changed, 14 insertions, 1 deletions
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 25cd81935..e724b91c2 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -113,14 +113,23 @@ function blog_page_handler($page) {
switch ($page_type) {
case 'owner':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_list($user->guid);
break;
case 'friends':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_friends($user->guid);
break;
case 'archive':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_archive($user->guid, $page[2], $page[3]);
break;
case 'view':
@@ -139,7 +148,11 @@ function blog_page_handler($page) {
$params = blog_get_page_content_edit($page_type, $page[1], $page[2]);
break;
case 'group':
- if ($page[2] == 'all') {
+ $group = get_entity($page[1]);
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
+ }
+ if (!isset($page[2]) || $page[2] == 'all') {
$params = blog_get_page_content_list($page[1]);
} else {
$params = blog_get_page_content_archive($page[1], $page[3], $page[4]);
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 05:56:50 +0000