From 762fb878f838e329dd2e0245b1f597203c3833b6 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 30 Jun 2011 23:21:58 -0700 Subject: [PATCH] don't allow editing of somebody else's event --- mod/events.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/mod/events.php b/mod/events.php index 642da3cb7..879a66742 100644 --- a/mod/events.php +++ b/mod/events.php @@ -183,7 +183,8 @@ function events_content(&$a) { $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); - $r = q("SELECT `event`.*, `item`.`id` AS `itemid`,`item`.`plink` FROM `event` LEFT JOIN `item` ON `item`.`event-id` = `event`.`id` + $r = q("SELECT `event`.*, `item`.`id` AS `itemid`,`item`.`plink`, + `item`.`author-name`, `item`.`author-avatar`, `item`.`author-link` FROM `event` LEFT JOIN `item` ON `item`.`event-id` = `event`.`id` WHERE `event`.`uid` = %d AND (( `adjust` = 0 AND `start` >= '%s' AND `start` <= '%s' ) OR ( `adjust` = 1 AND `start` >= '%s' AND `start` <= '%s' )) ", @@ -218,10 +219,6 @@ function events_content(&$a) { - - - - $last_date = ''; $fmt = t('l, F j'); @@ -235,7 +232,7 @@ function events_content(&$a) { $o .= '
' . $d . '
'; $last_date = $d; $o .= format_event_html($rr); - $o .= ''; + $o .= (($rr['cid']) ? '' : ''); if($rr['plink']) $o .= '';