authorJeroen Dalsem <jdalsem@coldtrick.com>2012-10-03 14:07:54 +0200
committerJeroen Dalsem <jdalsem@coldtrick.com>2012-10-03 14:07:54 +0200
commitb29dcc4b232bdf5f587fce31c2c271c1814c4392 (patch)
tree5efb14380d03ea0fd7b14ca439c99e546f488080 /mod/messages
parent9e377f9e006c20c98aa757f1c30228293651a404 (diff)
check for correct page_owner to prevent unwanted access to the page
Diffstat (limited to 'mod/messages')
-rw-r--r--mod/messages/pages/messages/inbox.php9
-rw-r--r--mod/messages/pages/messages/sent.php9
2 files changed, 14 insertions, 4 deletions
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php
index fdfc20c43..de5b8b231 100644
--- a/mod/messages/pages/messages/inbox.php
+++ b/mod/messages/pages/messages/inbox.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
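Review bot: The added `!$page_owner->canEdit()` test authorises by edit permission rather than by identity, which is broader than "the viewer owns this mailbox". As far as I know, Elgg's canEdit() also passes for site administrators and for anything a plugin grants through the `permissions_check` hook, so those principals would still load another user's private messages. If that is not intended, compare identities directly with `if (!$page_owner || $page_owner->getGUID() != elgg_get_logged_in_user_guid()) {`; if admin access is deliberate, say so in a comment above the guard. The error text also returns the target's GUID to the rejected viewer and uses 0 when no owner resolves, which tells them whether the account exists; a fixed message would avoid that. Both points apply equally to the identical hunk in sent.php, and the code that lists messages for `$page_owner` lies outside both hunks.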
diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php
index af06ab273..3d08cd5ee 100644
--- a/mod/messages/pages/messages/sent.php
+++ b/mod/messages/pages/messages/sent.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}