diff --git a/docs/www/blog/article.php b/docs/www/blog/article.php
index 2d9e1b3..f3d0e6f 100644
--- a/docs/www/blog/article.php
+++ b/docs/www/blog/article.php
@@ -172,7 +172,7 @@ class Blogpost
return;
}
- if ((bool)($_SESSION["current_user"]->permissions & 128)) {
+ if (isset($_COOKIE["PHPSESSID"]) && (bool)($_SESSION["current_user"]->permissions & 128)) {
$topRight = sprintf("
Edit | ", $this->blogpost_id);
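Review bot: The added `isset($_COOKIE["PHPSESSID"])` test on the Edit-link condition checks a value the client supplies, not whether a user is logged in. Any request can carry a PHPSESSID cookie, and `$_SESSION["current_user"]` may still be unset when `->permissions` is read. Guarding on the session entry itself is the check that matters here: `if (isset($_SESSION["current_user"]) && ($_SESSION["current_user"]->permissions & 128)) {`. This condition only decides whether the link is rendered, so the edit page it points to has to enforce the same permission on its own. The enclosing method starts and ends outside the hunk.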
@@ -407,17 +407,17 @@ if(isset($_POST["submit"])) {
$blogId."#comment-".$commentId);
}
-// Get the blog id.
-$blogId = sanitize_input($_GET["guid"]);
-
// If no ID was entered, display warning and die.
-if(!$blogId) {
+if(!isset($_GET["blogpost_id"])) {
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
include_once($COMMONS."/footer.php");
die();
}
+// Get the blog id.
+$blogId = sanitize_input($_GET["blogpost_id"]);
+
$blogPost = load_blog($conn, $blogId);
// If no ID was entered, display warning and die.
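Review bot: The new guard `if(!isset($_GET["blogpost_id"]))` only tests presence, whereas the removed `if(!$blogId)` rejected an empty result from `sanitize_input()`. An empty `?blogpost_id=` or an array-valued parameter now passes the guard and goes through `sanitize_input()` into `load_blog()`. I would keep the early 404 for those cases with `if (!isset($_GET["blogpost_id"]) || !is_string($_GET["blogpost_id"]) || $_GET["blogpost_id"] === "") {`. Whether `load_blog()` binds the id as a query parameter is not visible here, so it is worth confirming that it does not rely on `sanitize_input()` alone. A check on `$blogPost` appears to follow outside the hunk.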
diff --git a/docs/www/blog/index.php b/docs/www/blog/index.php
index f25ee27..a34a75d 100755
--- a/docs/www/blog/index.php
+++ b/docs/www/blog/index.php
@@ -10,7 +10,7 @@ function display_blog_preview($blogpost_id, $title, $abstract,
$date_posted, $tags){
printf("
-
+
%s
diff --git a/docs/www/blog/tageditor.php b/docs/www/blog/tageditor.php
index 2bb1d1a..688acd5 100644
--- a/docs/www/blog/tageditor.php
+++ b/docs/www/blog/tageditor.php
@@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
// If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error.
-if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
+if (isset($_COOKIE["PHPSESSID"]) &&
+ (bool)($_SESSION["current_user"]->permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php");
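Review bot: The rewritten guard inverts the authorization check: the `!` in front of the permission test was dropped, so the 403 branch now runs for users who do hold bit 128 and is skipped for everyone else, including requests with no session cookie. That contradicts the comment directly above it and, as far as the hunk shows, leaves the tag editor reachable without the permission. The condition should deny when there is no session user or the bit is missing: `if (!isset($_SESSION["current_user"]) || !($_SESSION["current_user"]->permissions & 128)) {`. The same inverted condition is added in docs/www/blog/writearticle.php and docs/www/fileupload.php, the latter guarding the upload page. The 403 block continues past the end of the hunk.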
diff --git a/docs/www/blog/writearticle.php b/docs/www/blog/writearticle.php
index 518194a..4b3ee46 100644
--- a/docs/www/blog/writearticle.php
+++ b/docs/www/blog/writearticle.php
@@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
// If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error.
-if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
+if (isset($_COOKIE["PHPSESSID"]) &&
+ (bool)($_SESSION["current_user"]->permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php");
diff --git a/docs/www/fileupload.php b/docs/www/fileupload.php
index 5929031..3ded7e0 100644
--- a/docs/www/fileupload.php
+++ b/docs/www/fileupload.php
@@ -5,7 +5,8 @@ include_once($COMMONS."/header.php");
// If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error.
-if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
+if (isset($_COOKIE["PHPSESSID"]) &&
+ (bool)($_SESSION["current_user"]->permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php");