-rw-r--r--settings/index.php10
-rw-r--r--settings/statistics/index.php7
-rw-r--r--settings/user/index.php6
-rw-r--r--views/default/notifications/settings/usersettings.php2
-rw-r--r--views/default/user/settings/email.php2
-rw-r--r--views/default/user/settings/language.php2
-rw-r--r--views/default/user/settings/name.php2
-rw-r--r--views/default/user/settings/password.php2
8 files changed, 25 insertions, 8 deletions
diff --git a/settings/index.php b/settings/index.php
index 5906ca842..041a06616 100644
--- a/settings/index.php
+++ b/settings/index.php
@@ -13,7 +13,15 @@
// Get the Elgg framework
require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
+ if (!page_owner())
+ set_page_owner($_SESSION['guid']);
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
+
// Forward to the user settings
- forward('pg/settings/user');
+ forward('pg/settings/user?username=' . page_owner_entity()->username);
?> \ No newline at end of file
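Review bot: `page_owner_entity()->canEdit()` is called without first checking that `page_owner_entity()` returned an entity. If the page owner does not resolve (an unknown guid, or an unset `$_SESSION['guid']` for a logged-out visitor, since no `gatekeeper()` call is visible in this hunk), this would presumably be a method call on a non-object instead of the intended fallback. A guard such as `$owner = page_owner_entity(); if (!$owner || !$owner->canEdit()) { set_page_owner($_SESSION['guid']); }` covers that case, and the same unguarded call recurs in the settings/statistics/index.php and settings/user/index.php hunks. The username appended to the forward URL should also be encoded: `forward('pg/settings/user?username=' . urlencode(page_owner_entity()->username));`.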
diff --git a/settings/statistics/index.php b/settings/statistics/index.php
index 52546956d..87d84a604 100644
--- a/settings/statistics/index.php
+++ b/settings/statistics/index.php
@@ -14,7 +14,12 @@
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
// Make sure only valid admin users can see this
- gatekeeper();
+ gatekeeper();
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
// Display main admin menu
page_draw(elgg_echo("usersettings:statistics"),elgg_view_layout('two_column_left_sidebar','',elgg_view_title(elgg_echo("usersettings:statistics")) . elgg_view("usersettings/statistics")));
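Review bot: The added comment `// Make sure we don't open a security hole ...` does not say what the check enforces, and the unchanged comment above `gatekeeper()` still refers to admin users although the new block is about per-user edit rights. A comment such as `// Only show settings the viewer may edit; otherwise fall back to the viewer's own account` would state the access rule a later maintainer has to preserve. The same vague comment is added in the settings/index.php and settings/user/index.php hunks.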
diff --git a/settings/user/index.php b/settings/user/index.php
index b86181308..35b3eed5d 100644
--- a/settings/user/index.php
+++ b/settings/user/index.php
@@ -15,7 +15,11 @@
// Make sure only valid admin users can see this
gatekeeper();
-
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
// Display main admin menu
page_draw(
diff --git a/views/default/notifications/settings/usersettings.php b/views/default/notifications/settings/usersettings.php
index 2792ccd4a..f1609d150 100644
--- a/views/default/notifications/settings/usersettings.php
+++ b/views/default/notifications/settings/usersettings.php
@@ -11,7 +11,7 @@
*/
global $NOTIFICATION_HANDLERS;
- $notification_settings = get_user_notification_settings();
+ $notification_settings = get_user_notification_settings(page_owner());
?>
<h2><?php echo elgg_echo('notifications:usersettings'); ?></h2>
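Review bot: Nothing in this view checks that the viewer may edit the user returned by `page_owner()`, so its safety depends entirely on the including page having already reset the page owner when `canEdit()` fails. If the view is ever rendered from a handler that skips that check, it would show another user's settings. The same applies to the email.php, language.php, name.php and password.php hunks, where `$user = page_owner_entity();` is followed by the unchanged `if ($user) {`; tightening that to `if ($user && $user->canEdit()) {` would make each view safe on its own. The actions that save these forms are outside this diff and need the same check on the target user on the server side.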
diff --git a/views/default/user/settings/email.php b/views/default/user/settings/email.php
index 6b14504c7..f8dfaecaa 100644
--- a/views/default/user/settings/email.php
+++ b/views/default/user/settings/email.php
@@ -10,7 +10,7 @@
* @link http://elgg.org/
*/
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
if ($user) {
?>
diff --git a/views/default/user/settings/language.php b/views/default/user/settings/language.php
index 0dbe66b26..43dc91e61 100644
--- a/views/default/user/settings/language.php
+++ b/views/default/user/settings/language.php
@@ -11,7 +11,7 @@
*/
global $CONFIG;
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
if ($user) {
?>
diff --git a/views/default/user/settings/name.php b/views/default/user/settings/name.php
index 0faac2428..57b1a1050 100644
--- a/views/default/user/settings/name.php
+++ b/views/default/user/settings/name.php
@@ -10,7 +10,7 @@
* @link http://elgg.org/
*/
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
if ($user) {
?>
diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php
index b180609c6..a45fb621c 100644
--- a/views/default/user/settings/password.php
+++ b/views/default/user/settings/password.php
@@ -10,7 +10,7 @@
* @link http://elgg.org/
*/
- $user = $_SESSION['user'];
+ $user = page_owner_entity();
if ($user) {
?>