11 files changed, 24 insertions, 8 deletions

diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php
index 6d07778a9..e793ab9c6 100644
--- a/engine/classes/ElggSite.php
+++ b/engine/classes/ElggSite.php
@@ -423,6 +423,7 @@ class ElggSite extends ElggEntity {
 		// default public pages
 		$defaults = array(
 			'walled_garden/.*',
+			'login',
 			'action/login',
 			'register',
 			'action/register',
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 4875b2c2f..c06e7fb99 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1452,6 +1452,7 @@ function enable_entity($guid, $recursive = true) {
 						'relationship' => 'disabled_with',
 						'relationship_guid' => $entity->guid,
 						'inverse_relationship' => true,
+						'limit' => 0,
 					));
 
 					foreach ($disabled_with_it as $e) {
diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php
index a7984ce5a..4ff009bfb 100644
--- a/engine/lib/navigation.php
+++ b/engine/lib/navigation.php
@@ -230,7 +230,7 @@ function elgg_pop_breadcrumb() {
 	global $CONFIG;
 
 	if (is_array($CONFIG->breadcrumbs)) {
-		array_pop($CONFIG->breadcrumbs);
+		return array_pop($CONFIG->breadcrumbs);
 	}
 
 	return FALSE;
diff --git a/languages/en.php b/languages/en.php
index f1de1f202..ae874a550 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -239,7 +239,7 @@ $english = array(
 	'pageownerunavailable' => 'Warning: The page owner %d is not accessible!',
 	'viewfailure' => 'There was an internal failure in the view %s',
 	'changebookmark' => 'Please change your bookmark for this page',
-	'noaccess' => 'This content has been removed, is invalid, or you do not have permission to view it.',
+	'noaccess' => 'The content you were trying to view has been removed or you do not have permission to view it.',
 	'error:missing_data' => 'There was some data missing in your request',
 
 	'error:default' => 'Oops...something went wrong.',
diff --git a/mod/blog/languages/en.php b/mod/blog/languages/en.php
index e1930b916..5248a6f51 100644
--- a/mod/blog/languages/en.php
+++ b/mod/blog/languages/en.php
@@ -41,7 +41,6 @@ $english = array(
 	'blog:message:saved' => 'Blog post saved.',
 	'blog:error:cannot_save' => 'Cannot save blog post.',
 	'blog:error:cannot_write_to_container' => 'Insufficient access to save blog to group.',
-	'blog:error:post_not_found' => 'This post has been removed, is invalid, or you do not have permission to view it.',
 	'blog:messages:warning:draft' => 'There is an unsaved draft of this post!',
 	'blog:edit_revision_notice' => '(Old version)',
 	'blog:message:deleted_post' => 'Blog post deleted.',
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 286fe1832..9d6cb37e7 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -22,7 +22,7 @@ function blog_get_page_content_read($guid = NULL) {
 	$return['filter'] = '';
 
 	if (!elgg_instanceof($blog, 'object', 'blog')) {
-		$return['content'] = elgg_echo('blog:error:post_not_found');
+		$return['content'] = elgg_echo('noaccess');
 		return $return;
 	}
 
diff --git a/mod/bookmarks/pages/bookmarks/view.php b/mod/bookmarks/pages/bookmarks/view.php
index 2439d2ee8..c819b8b41 100644
--- a/mod/bookmarks/pages/bookmarks/view.php
+++ b/mod/bookmarks/pages/bookmarks/view.php
@@ -6,6 +6,10 @@
  */
 
 $bookmark = get_entity(get_input('guid'));
+if (!$bookmark) {
+	register_error(elgg_echo('noaccess'));
+	forward('');
+}
 
 $page_owner = elgg_get_page_owner_entity();
 
diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php
index a571c9d68..ec51b30e6 100644
--- a/mod/file/pages/file/view.php
+++ b/mod/file/pages/file/view.php
@@ -6,6 +6,10 @@
  */
 
 $file = get_entity(get_input('guid'));
+if (!$file) {
+	register_error(elgg_echo('noaccess'));
+	forward('');
+}
 
 $owner = elgg_get_page_owner_entity();
 
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 81477a8d4..6b9d03f49 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -8,6 +8,7 @@
 $page_guid = get_input('guid');
 $page = get_entity($page_guid);
 if (!$page) {
+	register_error(elgg_echo('noaccess'));
 	forward();
 }
 
@@ -32,7 +33,8 @@ elgg_push_breadcrumb($title);
 $content = elgg_view_entity($page, array('full_view' => true));
 $content .= elgg_view_comments($page);
 
-if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
+// can add subpage if can edit this page and write to container (such as a group)
+if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) {
 	$url = "pages/add/$page->guid";
 	elgg_register_menu_item('title', array(
 			'name' => 'subpage',
diff --git a/mod/thewire/pages/thewire/view.php b/mod/thewire/pages/thewire/view.php
index f45f94bfe..1818e725a 100644
--- a/mod/thewire/pages/thewire/view.php
+++ b/mod/thewire/pages/thewire/view.php
@@ -5,8 +5,8 @@
 
 $post = get_entity(get_input('guid'));
 if (!$post) {
-	// @todo need special handling for not getting access to entity (check for existence, access)
-	forward();
+	register_error(elgg_echo('noaccess'));
+	forward('');
 }
 $owner = $post->getOwnerEntity();
 if (!$owner) {
diff --git a/views/default/navigation/pagination.php b/views/default/navigation/pagination.php
index e0d355327..04044c51c 100644
--- a/views/default/navigation/pagination.php
+++ b/views/default/navigation/pagination.php
@@ -113,7 +113,12 @@ foreach ($pages->items as $page) {
 	} else {
 		$page_offset = (($page - 1) * $limit);
 		$url = elgg_http_add_url_query_elements($base_url, array($offset_key => $page_offset));
-		echo "<li><a href=\"$url\">$page</a></li>";
+		$link = elgg_view('output/url', array(
+			'href' => $url,
+			'text' => $page,
+			'is_trusted' => true,
+		));
+		echo "<li>$link</li>";
 	}
 }