3 files changed, 20 insertions, 3 deletions

diff --git a/settings/index.php b/settings/index.php
index 5906ca842..041a06616 100644
--- a/settings/index.php
+++ b/settings/index.php
@@ -13,7 +13,15 @@
 	// Get the Elgg framework
 		require_once(dirname(dirname(__FILE__)) . "/engine/start.php");

 		

+		if (!page_owner())

+			set_page_owner($_SESSION['guid']);

+			

+	// Make sure we don't open a security hole ...

+		if (!page_owner_entity()->canEdit()) {

+			set_page_owner($_SESSION['guid']);

+		}

+		

 	// Forward to the user settings
-		forward('pg/settings/user');

+		forward('pg/settings/user?username=' . page_owner_entity()->username);

 		
 ?>
\ No newline at end of file
diff --git a/settings/statistics/index.php b/settings/statistics/index.php
index 52546956d..87d84a604 100644
--- a/settings/statistics/index.php
+++ b/settings/statistics/index.php
@@ -14,7 +14,12 @@
 		require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
 
 	// Make sure only valid admin users can see this
-		gatekeeper();
+		gatekeeper();

+		

+	// Make sure we don't open a security hole ...

+		if (!page_owner_entity()->canEdit()) {

+			set_page_owner($_SESSION['guid']);

+		}
 
 	// Display main admin menu
 		page_draw(elgg_echo("usersettings:statistics"),elgg_view_layout('two_column_left_sidebar','',elgg_view_title(elgg_echo("usersettings:statistics")) . elgg_view("usersettings/statistics")));
diff --git a/settings/user/index.php b/settings/user/index.php
index b86181308..35b3eed5d 100644
--- a/settings/user/index.php
+++ b/settings/user/index.php
@@ -15,7 +15,11 @@
 
 	// Make sure only valid admin users can see this
 		gatekeeper();
-		
+		

+	// Make sure we don't open a security hole ...

+		if (!page_owner_entity()->canEdit()) {

+			set_page_owner($_SESSION['guid']);

+		}
 
 	// Display main admin menu
 		page_draw(