-rw-r--r-- | settings/index.php | 10 | ||||
-rw-r--r-- | settings/statistics/index.php | 7 | ||||
-rw-r--r-- | settings/user/index.php | 6 | ||||
-rw-r--r-- | views/default/notifications/settings/usersettings.php | 2 | ||||
-rw-r--r-- | views/default/user/settings/email.php | 2 | ||||
-rw-r--r-- | views/default/user/settings/language.php | 2 | ||||
-rw-r--r-- | views/default/user/settings/name.php | 2 | ||||
-rw-r--r-- | views/default/user/settings/password.php | 2 |
8 files changed, 25 insertions, 8 deletions
diff --git a/settings/index.php b/settings/index.php
index 5906ca842..041a06616 100644
--- a/settings/index.php
+++ b/settings/index.php
@@ -13,7 +13,15 @@
 // Get the Elgg framework
 require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
+ if (!page_owner())
+ set_page_owner($_SESSION['guid']);
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
+
 // Forward to the user settings
- forward('pg/settings/user');
+ forward('pg/settings/user?username=' . page_owner_entity()->username);
?>
\ No newline at end of file
diff --git a/settings/statistics/index.php b/settings/statistics/index.php
index 52546956d..87d84a604 100644
--- a/settings/statistics/index.php
+++ b/settings/statistics/index.php
@@ -14,7 +14,12 @@
 require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
 // Make sure only valid admin users can see this
- gatekeeper();
+ gatekeeper();
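Review bot: In settings/index.php the new `page_owner_entity()->canEdit()` call has no check that an entity was actually returned, and no `gatekeeper()` call is visible ahead of it in this hunk, so a visitor without a session guid would presumably hit a method call on a non-object instead of the login forward. The same unguarded call is added in settings/statistics/index.php and settings/user/index.php, which also lack the `if (!page_owner())` fallback used here. I would fetch the entity once and test it, `$owner = page_owner_entity();` followed by `if (!$owner || !$owner->canEdit()) {`, and call `gatekeeper();` before it in this file. The username appended to the forward URL would also be safer passed through `urlencode()`.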
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
 // Display main admin menu
 page_draw(elgg_echo("usersettings:statistics"),elgg_view_layout('two_column_left_sidebar','',elgg_view_title(elgg_echo("usersettings:statistics")) . elgg_view("usersettings/statistics")));
diff --git a/settings/user/index.php b/settings/user/index.php
index b86181308..35b3eed5d 100644
--- a/settings/user/index.php
+++ b/settings/user/index.php
@@ -15,7 +15,11 @@
 // Make sure only valid admin users can see this
 gatekeeper();
-
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
 // Display main admin menu
 page_draw(
diff --git a/views/default/notifications/settings/usersettings.php b/views/default/notifications/settings/usersettings.php
index 2792ccd4a..f1609d150 100644
--- a/views/default/notifications/settings/usersettings.php
+++ b/views/default/notifications/settings/usersettings.php
@@ -11,7 +11,7 @@
 */
 global $NOTIFICATION_HANDLERS;
- $notification_settings = get_user_notification_settings();
+ $notification_settings = get_user_notification_settings(page_owner());
 ?>
 <h2><?php echo elgg_echo('notifications:usersettings'); ?></h2>
diff --git a/views/default/user/settings/email.php b/views/default/user/settings/email.php
index 6b14504c7..f8dfaecaa 100644
--- a/views/default/user/settings/email.php
+++ b/views/default/user/settings/email.php
@@ -10,7 +10,7 @@
 * @link http://elgg.org/
 */
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
 if ($user) {
 ?>
diff --git a/views/default/user/settings/language.php b/views/default/user/settings/language.php
index 0dbe66b26..43dc91e61 100644
--- a/views/default/user/settings/language.php
+++ b/views/default/user/settings/language.php
@@ -11,7 +11,7 @@
 */
 global $CONFIG;
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
 if ($user) {
 ?>
diff --git a/views/default/user/settings/name.php b/views/default/user/settings/name.php
index 0faac2428..57b1a1050 100644
--- a/views/default/user/settings/name.php
+++ b/views/default/user/settings/name.php
@@ -10,7 +10,7 @@
 * @link http://elgg.org/
 */
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
 if ($user) {
 ?>
diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php
index b180609c6..a45fb621c 100644
--- a/views/default/user/settings/password.php
+++ b/views/default/user/settings/password.php
@@ -10,7 +10,7 @@
 * @link http://elgg.org/
 */
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
 if ($user) {
 ?> |
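Review bot: The settings views (user/settings/email.php, language.php, name.php, password.php, and the notifications view through `page_owner()`) now render whichever entity is the page owner, but the `canEdit()` check exists only in the three page scripts changed earlier in this commit, so any other page that includes these views with a request-derived page owner would show another account's details. I would have the views enforce it themselves, for example `if ($user && $user->canEdit()) {` in place of `if ($user) {`. The action that processes these forms is not part of this diff; it is worth confirming that it applies the same `canEdit()` check to the submitted user rather than relying on what the form displayed. Each view's body continues outside its hunk.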