aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--mod/messages/start.php17
1 files changed, 12 insertions, 5 deletions
diff --git a/mod/messages/start.php b/mod/messages/start.php
index e17640098..5503a675a 100644
--- a/mod/messages/start.php
+++ b/mod/messages/start.php
@@ -74,23 +74,30 @@ function messages_init() {
*/
function messages_page_handler($page) {
+ $current_user = elgg_get_logged_in_user_entity();
+ if (!$current_user) {
+ register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward('');
+ }
+
elgg_load_library('elgg:messages');
- elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . elgg_get_logged_in_user_entity()->username);
+ elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . $current_user->username);
if (!isset($page[0])) {
$page[0] = 'inbox';
}
- // supporting the old inbox url /messages/<username>
- $user = get_user_by_username($page[0]);
- if ($user) {
+ // Support the old inbox url /messages/<username>, but only if it matches the logged in user.
+ // Otherwise having a username like "read" on the system could confuse this function.
+ if ($current_user->username === $page[0]) {
$page[1] = $page[0];
$page[0] = 'inbox';
}
if (!isset($page[1])) {
- $page[1] = elgg_get_logged_in_user_entity()->username;
+ $page[1] = $current_user->username;
}
$base_dir = elgg_get_plugins_path() . 'messages/pages/messages';