authorcash <cash.costello@gmail.com>2013-07-05 20:10:12 -0400
committercash <cash.costello@gmail.com>2013-07-05 20:10:12 -0400
commita873fa6429460ccebbfdb5b7d17f124c80a6ee5c (patch)
tree539fb4a8de4c892ba0eec16f2bb5b58280e86790
parent175c65bec4a46ee7ffa424555870b383e77bd3bf (diff)
downloadelgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.gz
elgg-a873fa6429460ccebbfdb5b7d17f124c80a6ee5c.tar.bz2
Fixes #5745 serve 404 pages when someone requests content of a user that does not exist
-rw-r--r--mod/blog/start.php13
-rw-r--r--mod/bookmarks/pages/bookmarks/friends.php2
-rw-r--r--mod/bookmarks/pages/bookmarks/owner.php2
-rw-r--r--mod/file/pages/file/friends.php2
-rw-r--r--mod/file/pages/file/owner.php2
-rw-r--r--mod/groups/lib/discussion.php5
-rw-r--r--mod/groups/lib/groups.php4
-rw-r--r--mod/groups/start.php4
-rw-r--r--mod/pages/pages/pages/friends.php2
-rw-r--r--mod/pages/pages/pages/owner.php2
-rw-r--r--mod/thewire/pages/thewire/friends.php2
-rw-r--r--mod/thewire/pages/thewire/owner.php2
12 files changed, 29 insertions, 13 deletions
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 25cd81935..91525acee 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -113,14 +113,23 @@ function blog_page_handler($page) {
switch ($page_type) {
case 'owner':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_list($user->guid);
break;
case 'friends':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_friends($user->guid);
break;
case 'archive':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_archive($user->guid, $page[2], $page[3]);
break;
case 'view':
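Review bot: The same guard, `if (!$user) { forward('', '404'); }`, is pasted into the `owner`, `friends` and `archive` cases, and in each it is the only thing that keeps `$user->guid` on the next line from being read off a failed lookup. That is safe only as long as forward() ends the request, so a comment on the first guard such as `// forward() does not return; $user is a valid user from here on` would make the dependency explicit. In the `archive` case `$page[2]` and `$page[3]` are still handed on exactly as they arrive from the URL, so `blog_get_page_content_archive()` has to cope with missing or non-numeric values; that function is outside this hunk.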
@@ -139,6 +148,10 @@ function blog_page_handler($page) {
$params = blog_get_page_content_edit($page_type, $page[1], $page[2]);
break;
case 'group':
+ $group = get_entity($page[1]);
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
+ }
if ($page[2] == 'all') {
$params = blog_get_page_content_list($page[1]);
} else {
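Review bot: In the `group` case the entity is validated as `$group`, but the listing call still receives the raw URL segment in `blog_get_page_content_list($page[1])`. Passing the checked object's guid instead, `$params = blog_get_page_content_list($group->guid);`, keeps the value that was validated and the value that is used the same. The `else` branch continues outside the hunk and may need the same change.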
diff --git a/mod/bookmarks/pages/bookmarks/friends.php b/mod/bookmarks/pages/bookmarks/friends.php
index 15b1da098..173996346 100644
--- a/mod/bookmarks/pages/bookmarks/friends.php
+++ b/mod/bookmarks/pages/bookmarks/friends.php
@@ -7,7 +7,7 @@
$page_owner = elgg_get_page_owner_entity();
if (!$page_owner) {
- forward('bookmarks/all');
+ forward('', '404');
}
elgg_push_breadcrumb($page_owner->name, "bookmarks/owner/$page_owner->username");
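Review bot: The guard `if (!$page_owner)` only tests that some page owner exists, while the next line builds a URL from `$page_owner->username`, which presumably only a user entity carries. The group hunks in this same commit use `elgg_instanceof()` for the type check; if a non-user page owner can reach this script, `if (!elgg_instanceof($page_owner, 'user')) {` would be the consistent form. The same applies to mod/pages/pages/pages/friends.php, which also reads `$owner->username`, and likely to the other friends pages.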
diff --git a/mod/bookmarks/pages/bookmarks/owner.php b/mod/bookmarks/pages/bookmarks/owner.php
index b99730fb9..b7b907916 100644
--- a/mod/bookmarks/pages/bookmarks/owner.php
+++ b/mod/bookmarks/pages/bookmarks/owner.php
@@ -7,7 +7,7 @@
$page_owner = elgg_get_page_owner_entity();
if (!$page_owner) {
- forward('bookmarks/all');
+ forward('', '404');
}
elgg_push_breadcrumb($page_owner->name);
diff --git a/mod/file/pages/file/friends.php b/mod/file/pages/file/friends.php
index f504bdc1f..d55c1e62b 100644
--- a/mod/file/pages/file/friends.php
+++ b/mod/file/pages/file/friends.php
@@ -7,7 +7,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('file/all');
+ forward('', '404');
}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
diff --git a/mod/file/pages/file/owner.php b/mod/file/pages/file/owner.php
index 5ad6866d6..99cf62714 100644
--- a/mod/file/pages/file/owner.php
+++ b/mod/file/pages/file/owner.php
@@ -10,7 +10,7 @@ group_gatekeeper();
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('file/all');
+ forward('', '404');
}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php
index ab2fe4849..874e21b2d 100644
--- a/mod/groups/lib/discussion.php
+++ b/mod/groups/lib/discussion.php
@@ -39,9 +39,8 @@ function discussion_handle_list_page($guid) {
elgg_set_page_owner_guid($guid);
$group = get_entity($guid);
- if (!$group) {
- register_error(elgg_echo('group:notfound'));
- forward();
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
}
elgg_push_breadcrumb($group->name);
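Review bot: `elgg_set_page_owner_guid($guid)` still runs before the new `elgg_instanceof($group, 'group')` check, so on the 404 path the page owner has already been set to a guid that is missing or not a group. Anything that reads the page owner while the error page is produced would see that value. Moving the `get_entity()` call and the guard above `elgg_set_page_owner_guid($guid);` would avoid that. The function starts and continues outside the hunk.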
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index 0557d41eb..e5b047eba 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -255,8 +255,8 @@ function groups_handle_profile_page($guid) {
elgg_push_context('group_profile');
$group = get_entity($guid);
- if (!$group) {
- forward('groups/all');
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
}
elgg_push_breadcrumb($group->name);
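Review bot: `elgg_push_context('group_profile')` is executed before the entity is validated, so the 404 path runs with the `group_profile` context still on the stack. That looks like the reason the sidebar-menu code in mod/groups/start.php needs its own guard in this commit, though the link is inferred. Doing `$group = get_entity($guid);` and the `elgg_instanceof()` check first, and pushing the context only afterwards, would keep the error path free of group-specific state. The function continues outside the hunk.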
diff --git a/mod/groups/start.php b/mod/groups/start.php
index 46ab0e636..6002a535c 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -142,6 +142,10 @@ function groups_setup_sidebar_menus() {
$page_owner = elgg_get_page_owner_entity();
if (elgg_in_context('group_profile')) {
+ if (!elgg_instanceof($page_owner, 'group')) {
+ forward('', '404');
+ }
+
if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) {
$url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}";
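Review bot: This guard sits in a sidebar-menu setup function, so a request is now ended from menu-building code whenever the `group_profile` context is active and the page owner is not a group. It does protect the `$page_owner->canEdit()` call below, but the reason is not obvious at this spot; a comment such as `// page owner may be missing or not a group when the guid in the URL is bad` would help. If the profile page handler already forwards to the 404 page in that case, a plain `return;` here may be enough, which is worth confirming. The function continues outside the hunk.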
diff --git a/mod/pages/pages/pages/friends.php b/mod/pages/pages/pages/friends.php
index 87ac631c2..cecc4053b 100644
--- a/mod/pages/pages/pages/friends.php
+++ b/mod/pages/pages/pages/friends.php
@@ -7,7 +7,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('pages/all');
+ forward('', '404');
}
elgg_push_breadcrumb($owner->name, "pages/owner/$owner->username");
diff --git a/mod/pages/pages/pages/owner.php b/mod/pages/pages/pages/owner.php
index 48199368c..7de74a3b4 100644
--- a/mod/pages/pages/pages/owner.php
+++ b/mod/pages/pages/pages/owner.php
@@ -7,7 +7,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('pages/all');
+ forward('', '404');
}
// access check for closed groups
diff --git a/mod/thewire/pages/thewire/friends.php b/mod/thewire/pages/thewire/friends.php
index e7f5eed59..efa7e7a56 100644
--- a/mod/thewire/pages/thewire/friends.php
+++ b/mod/thewire/pages/thewire/friends.php
@@ -5,7 +5,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('thewire/all');
+ forward('', '404');
}
$title = elgg_echo('thewire:friends');
diff --git a/mod/thewire/pages/thewire/owner.php b/mod/thewire/pages/thewire/owner.php
index d8dff401e..dc25940e1 100644
--- a/mod/thewire/pages/thewire/owner.php
+++ b/mod/thewire/pages/thewire/owner.php
@@ -6,7 +6,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('thewire/all');
+ forward('', '404');
}
$title = elgg_echo('thewire:user', array($owner->name));