*/
function messages_page_handler($page) {
+ $current_user = elgg_get_logged_in_user_entity();
+ if (!$current_user) {
+ register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward('');
+ }
+
elgg_load_library('elgg:messages');
- elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . elgg_get_logged_in_user_entity()->username);
+ elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . $current_user->username);
if (!isset($page[0])) {
$page[0] = 'inbox';
}
- // supporting the old inbox url /messages/<username>
- $user = get_user_by_username($page[0]);
- if ($user) {
- // Need to make sure that the username of the parameter is actually
- // the username of the logged in user. This will prevent strange
- // errors like grabbing the 'read' parameter and looking up
- // a user with username 'read' and finding it and redirecting
- // to that other person's inbox.
-
- if ($user->username == elgg_get_logged_in_user_entity()->username) {
- // OK, so it is our username and not someone else's
- $page[1] = $page[0];
- $page[0] = 'inbox';
- }
+ // Support the old inbox url /messages/<username>, but only if it matches the logged in user.
+ // Otherwise having a username like "read" on the system could confuse this function.
+ if ($current_user->username === $page[0]) {
+ $page[1] = $page[0];
+ $page[0] = 'inbox';
}
if (!isset($page[1])) {
- $page[1] = elgg_get_logged_in_user_entity()->username;
+ $page[1] = $current_user->username;
}
$base_dir = elgg_get_plugins_path() . 'messages/pages/messages';
projects / lorea / elgg.git / commitdiff