diff options
author | Cash Costello <cash.costello@gmail.com> | 2013-02-23 08:05:01 -0500 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2013-02-23 08:05:01 -0500 |
commit | 9bda5425d8a1e33ce42ea11de12918706768c39b (patch) | |
tree | b92870c7db03630b5534958ee7ac4f22b24b509c /pages/settings/account.php | |
parent | 262424936a83d9fc6968a261381a4c2ba95d0f0f (diff) | |
download | elgg-9bda5425d8a1e33ce42ea11de12918706768c39b.tar.gz elgg-9bda5425d8a1e33ce42ea11de12918706768c39b.tar.bz2 |
Fixes #5126 forwards on attempts to access someone else's settings page
Diffstat (limited to 'pages/settings/account.php')
-rw-r--r-- | pages/settings/account.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/pages/settings/account.php b/pages/settings/account.php index 1bf71973b..962e1fc37 100644 --- a/pages/settings/account.php +++ b/pages/settings/account.php @@ -11,7 +11,8 @@ gatekeeper(); // Make sure we don't open a security hole ... if ((!elgg_get_page_owner_entity()) || (!elgg_get_page_owner_entity()->canEdit())) { - elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); + register_error(elgg_echo('noaccess')); + forward('/'); } $title = elgg_echo('usersettings:user'); |