diff --git a/web/root/blogs/blog_config.js b/web/root/blogs/blog_config.js
index 8da2de3c3e3bc8b4b02d040b89f6e000dee5badd..af22ee6148e03b2499bbdb9423e1b0aea5a4839e 100644
--- a/web/root/blogs/blog_config.js
+++ b/web/root/blogs/blog_config.js
@@ -33,6 +33,11 @@ var subject=parameters[6];
 // exit(1);
 //}
+if(!msg_area.sub[msg_code].can_read) {
+ write("<html><head><title>Error</title></head><body>Error opening "+msg_code+"!</body></html>");
+ exit(1);
+}
+
 var msgbase = new MsgBase(msg_code);
 if(!msgbase.open()) {
 write("<html><head><title>Error</title></head><body>Error opening "+msg_code+"!</body></html>");
diff --git a/web/root/blogs/blog_item.xjs b/web/root/blogs/blog_item.xjs
index ee7c5fb2008ea18e3ad10cfee237a670bd2ca945..30f21e181d958020d48a91857c348982d8832cf2 100644
--- a/web/root/blogs/blog_item.xjs
+++ b/web/root/blogs/blog_item.xjs
@@ -58,6 +58,10 @@ function not_found_error(reason)
 }
 var hdr=msgbase.get_msg_header(msgid);
+if(hdr==null)
+ not_found_error("no header");
+if(hdr.attr & (MSG_PRIVATE|MSG_DELETE))
+ not_found_error("not viewable");
 if(hdr.from.toUpperCase() != poster.toUpperCase())
 not_found_error("poster");
 //if(hdr.from_ext != pnum)
@@ -126,6 +130,10 @@ while(1) {
 }
 }
 hdr=msgbase.get_msg_header(msgid);
+ if(hdr==null)
+ continue;
+ if(hdr.attr & (MSG_PRIVATE|MSG_DELETE))
+ continue;
 var body=msgbase.get_msg_body(msgid, true);
 body=html_encode(body,true,true,false,false);
 //body=body.split(" ").join("</p><p>");
diff --git a/web/root/blogs/msg_index.xjs b/web/root/blogs/msg_index.xjs
index ce167fa98869af206d96fa70399b379830228906..ab2c8414f19299e1f0f14f76d50ab455be740f5a 100644
--- a/web/root/blogs/msg_index.xjs
+++ b/web/root/blogs/msg_index.xjs
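Review bot: In blog_config.js the new guard reads `msg_area.sub[msg_code].can_read` without first checking that `msg_area.sub[msg_code]` exists, so an unknown sub code would raise a TypeError instead of reaching the error page. Where msg_code comes from is outside this hunk, but if it is taken from the request, any visitor can reach that path. Guard the lookup first: `if(msg_area.sub[msg_code]==undefined || !msg_area.sub[msg_code].can_read) {`. The error page also concatenates msg_code into the HTML unencoded, as the existing open-failure branch below it does; passing it through html_encode (already used in blog_item.xjs) in both places would close that.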
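Review bot: In blog_item.xjs (hunk at line 58) the two new rejections pass different reasons, "no header" and "not viewable". The body of not_found_error is outside this hunk, but if it shows the reason to the client, a visitor can tell a private or deleted message apart from a message number that does not exist. Using one reason for both branches, e.g. `not_found_error("no header");`, or keeping the reason in the server log only, avoids that. The `hdr.attr` test is also only safe if not_found_error never returns, which this hunk does not show; a comment such as `// not_found_error() exits, so hdr is non-null below` would keep a later edit from breaking it.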
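Review bot: In blog_item.xjs (hunk at line 126) the two new `continue` statements skip the rest of the `while(1)` body, and the loop starts and ends outside this hunk, so it is not visible whether msgid is advanced before this point. If the step to the next message happens further down the body, a missing, private or deleted message would make the loop spin on the same msgid and tie up the request. Confirm that the advance and the exit condition sit above `hdr=msgbase.get_msg_header(msgid);`, and add a comment such as `// msgid already advanced above; skip messages that must not be shown`.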
@@ -6,6 +6,8 @@
 <?xjs
 for(var grp in msg_area.grp_list) {
 for(var sub in msg_area.grp_list[grp].sub_list) {
+ if(!msg_area.grp_list[grp].sub_list[sub].can_read)
+ continue;
 write('<a href="'+msg_area.grp_list[grp].sub_list[sub].code+'/">'+msg_area.grp_list[grp].sub_list[sub].description+'</a><br>');
 }
 }
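Review bot: The new check spells out `msg_area.grp_list[grp].sub_list[sub]` once more in a loop that already repeats it three times; binding it once, `var s=msg_area.grp_list[grp].sub_list[sub];` followed by `if(!s.can_read) continue;`, makes the access rule easier to see. This filter only hides the link, so reading still has to be refused where the message base is opened, which the blog_config.js hunk in this commit appears to do. The `write()` on the following context line emits the sub's code and description without html_encode; these look like sysop-configured values, so the risk is lower, but encoding them would be consistent with blog_item.xjs.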