diff options
author | Evan Winslow <evan@elgg.org> | 2012-10-09 23:47:08 -0700 |
---|---|---|
committer | Evan Winslow <evan@elgg.org> | 2012-10-09 23:47:08 -0700 |
commit | 0f3124c29f66eb57b7310d720bf76564b57eb2c0 (patch) | |
tree | 05595c97892ee976487d94a0894337daad4de75b /mod/messages/pages | |
parent | f888fa1d02bcd8f24d53566bf30d6466f6c00e78 (diff) | |
parent | b29dcc4b232bdf5f587fce31c2c271c1814c4392 (diff) | |
download | elgg-0f3124c29f66eb57b7310d720bf76564b57eb2c0.tar.gz elgg-0f3124c29f66eb57b7310d720bf76564b57eb2c0.tar.bz2 |
Merge pull request #397 from jdalsem/#4879-unwanted-access-to-messages-pages
Fixes #4879: unwanted access to messages pages
Diffstat (limited to 'mod/messages/pages')
-rw-r--r-- | mod/messages/pages/messages/inbox.php | 9 | ||||
-rw-r--r-- | mod/messages/pages/messages/read.php | 4 | ||||
-rw-r--r-- | mod/messages/pages/messages/sent.php | 9 |
3 files changed, 16 insertions, 6 deletions
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php index fdfc20c43..de5b8b231 100644 --- a/mod/messages/pages/messages/inbox.php +++ b/mod/messages/pages/messages/inbox.php @@ -8,8 +8,13 @@ gatekeeper(); $page_owner = elgg_get_page_owner_entity(); -if (!$page_owner) { - register_error(elgg_echo()); + +if (!$page_owner || !$page_owner->canEdit()) { + $guid = 0; + if($page_owner){ + $guid = $page_owner->getGUID(); + } + register_error(elgg_echo("pageownerunavailable", array($guid))); forward(); } diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php index fd3b466a1..eb36eaa4b 100644 --- a/mod/messages/pages/messages/read.php +++ b/mod/messages/pages/messages/read.php @@ -8,8 +8,8 @@ gatekeeper(); $message = get_entity(get_input('guid')); -if (!$message) { - forward('messages/inbox'); +if (!$message || !elgg_instanceof($message, "object", "messages")) { + forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username); } // mark the message as read diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php index af06ab273..3d08cd5ee 100644 --- a/mod/messages/pages/messages/sent.php +++ b/mod/messages/pages/messages/sent.php @@ -8,8 +8,13 @@ gatekeeper(); $page_owner = elgg_get_page_owner_entity(); -if (!$page_owner) { - register_error(elgg_echo()); + +if (!$page_owner || !$page_owner->canEdit()) { + $guid = 0; + if($page_owner){ + $guid = $page_owner->getGUID(); + } + register_error(elgg_echo("pageownerunavailable", array($guid))); forward(); } |