summaryrefslogtreecommitdiff
path: root/lib/blog
diff options
context:
space:
mode:
Diffstat (limited to 'lib/blog')
-rw-r--r--lib/blog/edcom.php2
-rw-r--r--lib/blog/index.php4
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/blog/edcom.php b/lib/blog/edcom.php
index 2b96ff9..ca8fd7e 100644
--- a/lib/blog/edcom.php
+++ b/lib/blog/edcom.php
@@ -9,7 +9,7 @@ $com = mysql_fetch_assoc(sql(
"SELECT blog_comments.owner AS owner, blog_comments.text AS text, blog_comments.post AS post ".
"FROM blog_comments WHERE id = $comid"
));
-assert_error($com && $com['owner'] == $user['id'],
+assert_error($com && ($com['owner'] == $user['id'] || $user['priv'] >= $priv_mod),
"This comment does not exist, or you are not allowed to edit it.");
$com_text = $com['text'];
diff --git a/lib/blog/index.php b/lib/blog/index.php
index 08aa630..99c7bbe 100644
--- a/lib/blog/index.php
+++ b/lib/blog/index.php
@@ -39,7 +39,7 @@ function count_in($fat, $v, $d) {
}
$q =
- "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, DATE_fORMAT(blog_posts.date, '%Y-%m-%d') AS date, ".
"UNIX_TIMESTAMP(blog_posts.date) AS date_ts, ".
"DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
"blog_posts.text_html AS text_html, GROUP_CONCAT(DISTINCT ba.tag SEPARATOR ', ') AS tags, ".
@@ -70,7 +70,7 @@ while ($pp = mysql_fetch_assoc($n)) {
count_in('date', str_replace('-', '_', $pp['month']), $pp['month']);
}
-$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_post = (($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0));
$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);