Fixes #5126 forwards on attempts to access someone else's settings page

diff --git a/pages/settings/account.php b/pages/settings/account.php
index 1bf71973b40acf5c9df4ccc687689ea9a30acdff..962e1fc37f3d0f59c7fbe82ac4813babc29bfa8d 100644 (file)
--- a/pages/settings/account.php
+++ b/pages/settings/account.php
@@ -11,7 +11,8 @@ gatekeeper();
 
 // Make sure we don't open a security hole ...
 if ((!elgg_get_page_owner_entity()) || (!elgg_get_page_owner_entity()->canEdit())) {
-       elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
+       register_error(elgg_echo('noaccess'));
+       forward('/');
 }
 
 $title = elgg_echo('usersettings:user');

diff --git a/pages/settings/statistics.php b/pages/settings/statistics.php
index 9df71ec5ef0ccd8d1bd561bd775519f2d4dfe3ba..9dcc9211d2ff125037b86c07879a77957adbb5c3 100644 (file)
--- a/pages/settings/statistics.php
+++ b/pages/settings/statistics.php
@@ -11,7 +11,8 @@ gatekeeper();
 
 // Make sure we don't open a security hole ...
 if ((!elgg_get_page_owner_entity()) || (!elgg_get_page_owner_entity()->canEdit())) {
-       elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
+       register_error(elgg_echo('noaccess'));
+       forward('/');
 }
 
 $title = elgg_echo("usersettings:statistics");

diff --git a/pages/settings/tools.php b/pages/settings/tools.php
index daf38172829d9aac684efbc090dfa9a1fcf07ad0..ed6b941c0a8543f7609385066d69d7bd690f0f1d 100644 (file)
--- a/pages/settings/tools.php
+++ b/pages/settings/tools.php
@@ -6,12 +6,13 @@
  * @subpackage Core
  */
 
-// Make sure only valid users can see this
+// Only logged in users
 gatekeeper();
 
 // Make sure we don't open a security hole ...
 if ((!elgg_get_page_owner_entity()) || (!elgg_get_page_owner_entity()->canEdit())) {
-       elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
+       register_error(elgg_echo('noaccess'));
+       forward('/');
 }
 
 $title = elgg_echo("usersettings:plugins");