aboutsummaryrefslogtreecommitdiff
path: root/mod/messages/pages
diff options
context:
space:
mode:
authorEvan Winslow <evan@elgg.org>2012-10-09 23:47:08 -0700
committerEvan Winslow <evan@elgg.org>2012-10-09 23:47:08 -0700
commit0f3124c29f66eb57b7310d720bf76564b57eb2c0 (patch)
tree05595c97892ee976487d94a0894337daad4de75b /mod/messages/pages
parentf888fa1d02bcd8f24d53566bf30d6466f6c00e78 (diff)
parentb29dcc4b232bdf5f587fce31c2c271c1814c4392 (diff)
downloadelgg-0f3124c29f66eb57b7310d720bf76564b57eb2c0.tar.gz
elgg-0f3124c29f66eb57b7310d720bf76564b57eb2c0.tar.bz2
Merge pull request #397 from jdalsem/#4879-unwanted-access-to-messages-pages
Fixes #4879: unwanted access to messages pages
Diffstat (limited to 'mod/messages/pages')
-rw-r--r--mod/messages/pages/messages/inbox.php9
-rw-r--r--mod/messages/pages/messages/read.php4
-rw-r--r--mod/messages/pages/messages/sent.php9
3 files changed, 16 insertions, 6 deletions
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php
index fdfc20c43..de5b8b231 100644
--- a/mod/messages/pages/messages/inbox.php
+++ b/mod/messages/pages/messages/inbox.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php
index fd3b466a1..eb36eaa4b 100644
--- a/mod/messages/pages/messages/read.php
+++ b/mod/messages/pages/messages/read.php
@@ -8,8 +8,8 @@
gatekeeper();
$message = get_entity(get_input('guid'));
-if (!$message) {
- forward('messages/inbox');
+if (!$message || !elgg_instanceof($message, "object", "messages")) {
+ forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username);
}
// mark the message as read
diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php
index af06ab273..3d08cd5ee 100644
--- a/mod/messages/pages/messages/sent.php
+++ b/mod/messages/pages/messages/sent.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}