diff options
author | Steve Clay <steve@mrclay.org> | 2013-05-29 13:13:16 -0400 |
---|---|---|
committer | Steve Clay <steve@mrclay.org> | 2013-05-29 13:13:16 -0400 |
commit | dd9df95001f5293e7a3a93a365c64842fe3650e4 (patch) | |
tree | 8f31359b90940a73349f668dd33efd9d5059f0fa /pages/avatar | |
parent | 28c43f6c615fba77d81f59e73ef29ba9d58049ea (diff) | |
download | elgg-dd9df95001f5293e7a3a93a365c64842fe3650e4.tar.gz elgg-dd9df95001f5293e7a3a93a365c64842fe3650e4.tar.bz2 |
Fix avatar edit permissions (by Jerôme Bakker)
Diffstat (limited to 'pages/avatar')
-rw-r--r-- | pages/avatar/edit.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pages/avatar/edit.php b/pages/avatar/edit.php index c71633b8b..56aede887 100644 --- a/pages/avatar/edit.php +++ b/pages/avatar/edit.php @@ -11,6 +11,11 @@ elgg_set_context('profile_edit'); $title = elgg_echo('avatar:edit'); $entity = elgg_get_page_owner_entity(); +if (!elgg_instanceof($entity, 'user') || !$entity->canEdit()) { + register_error(elgg_echo('avatar:noaccess')); + forward(REFERER); +} + $content = elgg_view('core/avatar/upload', array('entity' => $entity)); // only offer the crop view if an avatar has been uploaded |