2 files changed, 15 insertions, 2 deletions

diff --git a/mod/blog/start.php b/mod/blog/start.php
index 25cd81935..e724b91c2 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -113,14 +113,23 @@ function blog_page_handler($page) {
 	switch ($page_type) {
 		case 'owner':
 			$user = get_user_by_username($page[1]);
+			if (!$user) {
+				forward('', '404');
+			}
 			$params = blog_get_page_content_list($user->guid);
 			break;
 		case 'friends':
 			$user = get_user_by_username($page[1]);
+			if (!$user) {
+				forward('', '404');
+			}
 			$params = blog_get_page_content_friends($user->guid);
 			break;
 		case 'archive':
 			$user = get_user_by_username($page[1]);
+			if (!$user) {
+				forward('', '404');
+			}
 			$params = blog_get_page_content_archive($user->guid, $page[2], $page[3]);
 			break;
 		case 'view':
@@ -139,7 +148,11 @@ function blog_page_handler($page) {
 			$params = blog_get_page_content_edit($page_type, $page[1], $page[2]);
 			break;
 		case 'group':
-			if ($page[2] == 'all') {
+			$group = get_entity($page[1]);
+			if (!elgg_instanceof($group, 'group')) {
+				forward('', '404');
+			}
+			if (!isset($page[2]) || $page[2] == 'all') {
 				$params = blog_get_page_content_list($page[1]);
 			} else {
 				$params = blog_get_page_content_archive($page[1], $page[3], $page[4]);
diff --git a/mod/blog/views/default/blog/sidebar/archives.php b/mod/blog/views/default/blog/sidebar/archives.php
index 3d8f28ca4..5098e6e3e 100644
--- a/mod/blog/views/default/blog/sidebar/archives.php
+++ b/mod/blog/views/default/blog/sidebar/archives.php
@@ -14,7 +14,7 @@ if (elgg_instanceof($page_owner, 'user')) {
 
 // This is a limitation of the URL schema.
 if ($page_owner && $vars['page'] != 'friends') {
-	$dates = get_entity_dates('object', 'blog', $page_owner->getGUID());
+	$dates = array_reverse(get_entity_dates('object', 'blog', $page_owner->getGUID()));
 	
 	if ($dates) {
 		$title = elgg_echo('blog:archives');