Diffstat (limited to 'settings')
-rw-r--r-- | settings/index.php | 10 | ||||
-rw-r--r-- | settings/statistics/index.php | 7 | ||||
-rw-r--r-- | settings/user/index.php | 6 |
3 files changed, 20 insertions, 3 deletions
diff --git a/settings/index.php b/settings/index.php
index 5906ca842..041a06616 100644
--- a/settings/index.php
+++ b/settings/index.php
@@ -13,7 +13,15 @@
// Get the Elgg framework
require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
+ if (!page_owner())
+ set_page_owner($_SESSION['guid']);
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
+
// Forward to the user settings
- forward('pg/settings/user');
+ forward('pg/settings/user?username=' . page_owner_entity()->username);
?>
\ No newline at end of file
diff --git a/settings/statistics/index.php b/settings/statistics/index.php
index 52546956d..87d84a604 100644
--- a/settings/statistics/index.php
+++ b/settings/statistics/index.php
@@ -14,7 +14,12 @@ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
// Make sure only valid admin users can see this
- gatekeeper();
+ gatekeeper();
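Review bot: In settings/index.php the new guard calls `page_owner_entity()->canEdit()` on whatever `page_owner_entity()` returns, and no `gatekeeper()` call is visible between the `require_once` and the added lines, so a logged-out visitor (no `$_SESSION['guid']`) or an owner that does not resolve to an entity would presumably hit a method call on a non-object rather than a clean redirect to login. Fetch the entity once and fail closed, `$owner = page_owner_entity(); if (!$owner || !$owner->canEdit()) { set_page_owner($_SESSION['guid']); }`, with `gatekeeper();` ahead of it as the other two files have. The same unguarded call is added in settings/statistics/index.php and settings/user/index.php. The forward target should also encode the value it appends, `forward('pg/settings/user?username=' . urlencode(page_owner_entity()->username));`. The top of the file is outside the hunk, so an earlier login check cannot be ruled out.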
+
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
// Display main admin menu
page_draw(elgg_echo("usersettings:statistics"),elgg_view_layout('two_column_left_sidebar','',elgg_view_title(elgg_echo("usersettings:statistics")) . elgg_view("usersettings/statistics")));
diff --git a/settings/user/index.php b/settings/user/index.php
index b86181308..35b3eed5d 100644
--- a/settings/user/index.php
+++ b/settings/user/index.php
@@ -15,7 +15,11 @@
// Make sure only valid admin users can see this
gatekeeper();
-
+
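Review bot: The comment `// Make sure we don't open a security hole ...` in settings/statistics/index.php does not say which hole, and the guard beneath it is pasted verbatim into settings/index.php, settings/statistics/index.php and settings/user/index.php, so a settings page added later that forgets it would presumably show another user's settings with no check at all. Judging by the `?username=` forward added in settings/index.php, the page owner can be selected by the request; the comment should say so, e.g. `// Page owner may come from the request: fall back to the logged-in user unless they can edit that owner.` Moving the check into one shared helper called by every settings entry script would make it harder to omit. Whether the settings save actions repeat this authorisation is not visible in this diff and is worth confirming.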
+ // Make sure we don't open a security hole ...
+ if (!page_owner_entity()->canEdit()) {
+ set_page_owner($_SESSION['guid']);
+ }
// Display main admin menu
page_draw(