diff options
Diffstat (limited to 'modules/tag')
| -rw-r--r-- | modules/tag/controllers/admin_tags.php | 1 | ||||
| -rw-r--r-- | modules/tag/controllers/tags.php | 14 |
2 files changed, 9 insertions, 6 deletions
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index 1176b0ca..01884bb8 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -42,6 +42,7 @@ class Admin_Tags_Controller extends Admin_Controller { public function delete($id) { access::verify_csrf(); + $tag = ORM::factory("tag", $id); if (!$tag->loaded) { kohana::show_404(); diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index aecd1db7..295a9d3b 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -27,16 +27,16 @@ class Tags_Controller extends REST_Controller { $offset = ($page-1) * $page_size; // Make sure that the page references a valid offset - if ($page < 1 || $page > ceil($children_count / $page_size)) { + if ($page < 1 || ($children_count && $page > ceil($children_count / $page_size))) { Kohana::show_404(); } $template = new Theme_View("page.html", "tag"); - $template->set_global('page_size', $page_size); - $template->set_global('page_title', t("Browse Tag::%name", array("name" => $tag->name))); - $template->set_global('tag', $tag); - $template->set_global('children', $tag->items($page_size, $offset)); - $template->set_global('children_count', $children_count); + $template->set_global("page_size", $page_size); + $template->set_global("page_title", t("Browse Tag::%name", array("name" => $tag->name))); + $template->set_global("tag", $tag); + $template->set_global("children", $tag->items($page_size, $offset)); + $template->set_global("children_count", $children_count); $template->content = new View("dynamic.html"); print $template; @@ -48,6 +48,7 @@ class Tags_Controller extends REST_Controller { public function _create($tag) { $item = ORM::factory("item", $this->input->post("item_id")); + access::required("view", $item); access::required("edit", $item); $form = tag::get_add_form($item); @@ -73,6 +74,7 @@ class Tags_Controller extends REST_Controller { public function _form_add($item_id) { $item = ORM::factory("item", $item_id); access::required("view", $item); + access::required("edit", $item); return tag::get_add_form($item); } |