aboutsummaryrefslogtreecommitdiff
path: root/settings
diff options
context:
space:
mode:
Diffstat (limited to 'settings')
-rw-r--r--settings/index.php10
-rw-r--r--settings/statistics/index.php7
-rw-r--r--settings/user/index.php6
3 files changed, 20 insertions, 3 deletions
diff --git a/settings/index.php b/settings/index.php
index 5906ca842..041a06616 100644
--- a/settings/index.php
+++ b/settings/index.php
@@ -13,7 +13,15 @@
// Get the Elgg framework
require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
+ if (!page_owner())
+ set_page_owner($_SESSION['guid']);
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
+
// Forward to the user settings
- forward('pg/settings/user');
+ forward('pg/settings/user?username=' . page_owner_entity()->username);
?> \ No newline at end of file
diff --git a/settings/statistics/index.php b/settings/statistics/index.php
index 52546956d..87d84a604 100644
--- a/settings/statistics/index.php
+++ b/settings/statistics/index.php
@@ -14,7 +14,12 @@
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
// Make sure only valid admin users can see this
- gatekeeper();
+ gatekeeper();
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
// Display main admin menu
page_draw(elgg_echo("usersettings:statistics"),elgg_view_layout('two_column_left_sidebar','',elgg_view_title(elgg_echo("usersettings:statistics")) . elgg_view("usersettings/statistics")));
diff --git a/settings/user/index.php b/settings/user/index.php
index b86181308..35b3eed5d 100644
--- a/settings/user/index.php
+++ b/settings/user/index.php
@@ -15,7 +15,11 @@
// Make sure only valid admin users can see this
gatekeeper();
-
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
// Display main admin menu
page_draw(