check for correct page_owner to prevent unwanted access to the page

diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php
index fdfc20c43f02ac787fe497a9a2022223a92db178..de5b8b23119f603008fd22761c2b9e4aa304f847 100644 (file)
--- a/mod/messages/pages/messages/inbox.php
+++ b/mod/messages/pages/messages/inbox.php
@@ -8,8 +8,13 @@
 gatekeeper();
 
 $page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
-       register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+       $guid = 0;
+       if($page_owner){
+               $guid = $page_owner->getGUID();
+       }
+       register_error(elgg_echo("pageownerunavailable", array($guid)));
        forward();
 }
 

diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php
index af06ab273d17f297cca93b4af27113f65975ec80..3d08cd5eece3aac5cf7801c7e5cca20b6f412632 100644 (file)
--- a/mod/messages/pages/messages/sent.php
+++ b/mod/messages/pages/messages/sent.php
@@ -8,8 +8,13 @@
 gatekeeper();
 
 $page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
-       register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+       $guid = 0;
+       if($page_owner){
+               $guid = $page_owner->getGUID();
+       }
+       register_error(elgg_echo("pageownerunavailable", array($guid)));
        forward();
 }