aboutsummaryrefslogtreecommitdiff
path: root/mod/notifications/actions/save.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/notifications/actions/save.php')
-rw-r--r--mod/notifications/actions/save.php17
1 files changed, 11 insertions, 6 deletions
diff --git a/mod/notifications/actions/save.php b/mod/notifications/actions/save.php
index f8b533d23..3fe0001a3 100644
--- a/mod/notifications/actions/save.php
+++ b/mod/notifications/actions/save.php
@@ -4,15 +4,20 @@
* Elgg notifications
*
* @package ElggNotifications
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2010
- * @link http://elgg.com/
*/
-$user = get_loggedin_user();
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
global $NOTIFICATION_HANDLERS;
+$subscriptions = array();
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');
@@ -35,4 +40,4 @@ foreach($subscriptions as $key => $subscription) {
system_message(elgg_echo('notifications:subscriptions:success'));
-forward($_SERVER['HTTP_REFERER']);
+forward(REFERER);
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-15 14:39:21 +0000