Diffstat (limited to 'mod/notifications/actions/save.php')
-rw-r--r--mod/notifications/actions/save.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/mod/notifications/actions/save.php b/mod/notifications/actions/save.php
index 163b656aa..3fe0001a3 100644
--- a/mod/notifications/actions/save.php
+++ b/mod/notifications/actions/save.php
@@ -6,9 +6,18 @@
* @package ElggNotifications
*/
-$user = elgg_get_logged_in_user_entity();
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
global $NOTIFICATION_HANDLERS;
+$subscriptions = array();
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');
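Review bot: The new guard loads the target with `get_entity($guid)`, which returns any entity type, so when an admin submits the guid of a group or object both checks pass and `$user` is not a user account. Resolving it with `get_user($guid)`, or adding `|| !($user instanceof ElggUser)` to the first `if`, would keep the settings code that follows (it continues outside this hunk) from running against a non-user entity. `$current_user` is also dereferenced without a null check; the action's registration is not visible here, but if it can be reached without a logged-in session then `$current_user->isAdmin()` fails with a fatal error instead of a clean denial, so `if (!$current_user) { forward(); }` ahead of the comparison may be warranted. Separately, `$subscriptions` is now initialised before the loop while `$personal` is not; adding `$personal = array();` next to it would keep the two consistent.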