aboutsummaryrefslogtreecommitdiff
path: root/pages/avatar
diff options
context:
space:
mode:
authorSteve Clay <steve@mrclay.org>2013-05-29 13:13:16 -0400
committerSteve Clay <steve@mrclay.org>2013-05-29 13:13:16 -0400
commitdd9df95001f5293e7a3a93a365c64842fe3650e4 (patch)
tree8f31359b90940a73349f668dd33efd9d5059f0fa /pages/avatar
parent28c43f6c615fba77d81f59e73ef29ba9d58049ea (diff)
downloadelgg-dd9df95001f5293e7a3a93a365c64842fe3650e4.tar.gz
elgg-dd9df95001f5293e7a3a93a365c64842fe3650e4.tar.bz2
Fix avatar edit permissions (by Jerôme Bakker)
Diffstat (limited to 'pages/avatar')
-rw-r--r--pages/avatar/edit.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/pages/avatar/edit.php b/pages/avatar/edit.php
index c71633b8b..56aede887 100644
--- a/pages/avatar/edit.php
+++ b/pages/avatar/edit.php
@@ -11,6 +11,11 @@ elgg_set_context('profile_edit');
$title = elgg_echo('avatar:edit');
$entity = elgg_get_page_owner_entity();
+if (!elgg_instanceof($entity, 'user') || !$entity->canEdit()) {
+ register_error(elgg_echo('avatar:noaccess'));
+ forward(REFERER);
+}
+
$content = elgg_view('core/avatar/upload', array('entity' => $entity));
// only offer the crop view if an avatar has been uploaded