Fixes #5126 forwards on attempts to access someone else's settings page

author: Cash Costello <cash.costello@gmail.com> 2013-02-23 08:05:01 -0500
committer: Cash Costello <cash.costello@gmail.com> 2013-02-23 08:05:01 -0500
commit: 9bda5425d8a1e33ce42ea11de12918706768c39b (patch)
tree: b92870c7db03630b5534958ee7ac4f22b24b509c /pages/settings/tools.php
parent: 262424936a83d9fc6968a261381a4c2ba95d0f0f (diff)
download: elgg-9bda5425d8a1e33ce42ea11de12918706768c39b.tar.gz
elgg-9bda5425d8a1e33ce42ea11de12918706768c39b.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/pages/settings/tools.php b/pages/settings/tools.php
index daf381728..ed6b941c0 100644
--- a/pages/settings/tools.php
+++ b/pages/settings/tools.php
@@ -6,12 +6,13 @@
  * @subpackage Core
  */
 
-// Make sure only valid users can see this
+// Only logged in users
 gatekeeper();
 
 // Make sure we don't open a security hole ...
 if ((!elgg_get_page_owner_entity()) || (!elgg_get_page_owner_entity()->canEdit())) {
-	elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
+	register_error(elgg_echo('noaccess'));
+	forward('/');
 }
 
 $title = elgg_echo("usersettings:plugins");
author	Cash Costello <cash.costello@gmail.com>	2013-02-23 08:05:01 -0500
committer	Cash Costello <cash.costello@gmail.com>	2013-02-23 08:05:01 -0500
commit	9bda5425d8a1e33ce42ea11de12918706768c39b (patch)
tree	b92870c7db03630b5534958ee7ac4f22b24b509c /pages/settings/tools.php
parent	262424936a83d9fc6968a261381a4c2ba95d0f0f (diff)
download	elgg-9bda5425d8a1e33ce42ea11de12918706768c39b.tar.gz elgg-9bda5425d8a1e33ce42ea11de12918706768c39b.tar.bz2