From 37bb1997b95cab1dd6dbda975d4ad5120a2ba72a Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Mon, 4 Aug 2008 17:42:49 +0000
Subject: User changes to settings

git-svn-id: https://code.elgg.org/elgg/trunk@1690 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 settings/index.php                                    | 10 +++++++++-
 settings/statistics/index.php                         |  7 ++++++-
 settings/user/index.php                               |  6 +++++-
 views/default/notifications/settings/usersettings.php |  2 +-
 views/default/user/settings/email.php                 |  2 +-
 views/default/user/settings/language.php              |  2 +-
 views/default/user/settings/name.php                  |  2 +-
 views/default/user/settings/password.php              |  2 +-
 8 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/settings/index.php b/settings/index.php
index 5906ca842..041a06616 100644
--- a/settings/index.php
+++ b/settings/index.php
@@ -13,7 +13,15 @@
 	// Get the Elgg framework
 		require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
 		
+		if (!page_owner())
+			set_page_owner($_SESSION['guid']);
+			
+	// Make sure we don't open a security hole ...
+		if (!page_owner_entity()->canEdit()) {
+			set_page_owner($_SESSION['guid']);
+		}
+		
 	// Forward to the user settings
-		forward('pg/settings/user');
+		forward('pg/settings/user?username=' . page_owner_entity()->username);
 		
 ?>
\ No newline at end of file
diff --git a/settings/statistics/index.php b/settings/statistics/index.php
index 52546956d..87d84a604 100644
--- a/settings/statistics/index.php
+++ b/settings/statistics/index.php
@@ -14,7 +14,12 @@
 		require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
 
 	// Make sure only valid admin users can see this
-		gatekeeper();
+		gatekeeper();
+		
+	// Make sure we don't open a security hole ...
+		if (!page_owner_entity()->canEdit()) {
+			set_page_owner($_SESSION['guid']);
+		}
 
 	// Display main admin menu
 		page_draw(elgg_echo("usersettings:statistics"),elgg_view_layout('two_column_left_sidebar','',elgg_view_title(elgg_echo("usersettings:statistics")) . elgg_view("usersettings/statistics")));
diff --git a/settings/user/index.php b/settings/user/index.php
index b86181308..35b3eed5d 100644
--- a/settings/user/index.php
+++ b/settings/user/index.php
@@ -15,7 +15,11 @@
 
 	// Make sure only valid admin users can see this
 		gatekeeper();
-		
+		
+	// Make sure we don't open a security hole ...
+		if (!page_owner_entity()->canEdit()) {
+			set_page_owner($_SESSION['guid']);
+		}
 
 	// Display main admin menu
 		page_draw(
diff --git a/views/default/notifications/settings/usersettings.php b/views/default/notifications/settings/usersettings.php
index 2792ccd4a..f1609d150 100644
--- a/views/default/notifications/settings/usersettings.php
+++ b/views/default/notifications/settings/usersettings.php
@@ -11,7 +11,7 @@
 	 */
 
 	global $NOTIFICATION_HANDLERS;
-	$notification_settings = get_user_notification_settings();
+	$notification_settings = get_user_notification_settings(page_owner());
 ?>
 	<h2><?php echo elgg_echo('notifications:usersettings'); ?></h2>
 	
diff --git a/views/default/user/settings/email.php b/views/default/user/settings/email.php
index 6b14504c7..f8dfaecaa 100644
--- a/views/default/user/settings/email.php
+++ b/views/default/user/settings/email.php
@@ -10,7 +10,7 @@
 	 * @link http://elgg.org/
 	 */
 
-	$user = $_SESSION['user'];
+	$user = page_owner_entity();
 	
 	if ($user) {
 ?>
diff --git a/views/default/user/settings/language.php b/views/default/user/settings/language.php
index 0dbe66b26..43dc91e61 100644
--- a/views/default/user/settings/language.php
+++ b/views/default/user/settings/language.php
@@ -11,7 +11,7 @@
 	 */
 
 	global $CONFIG;
-	$user = $_SESSION['user'];
+	$user = page_owner_entity();
 	
 	if ($user) {
 ?>
diff --git a/views/default/user/settings/name.php b/views/default/user/settings/name.php
index 0faac2428..57b1a1050 100644
--- a/views/default/user/settings/name.php
+++ b/views/default/user/settings/name.php
@@ -10,7 +10,7 @@
 	 * @link http://elgg.org/
 	 */
 
-	$user = $_SESSION['user'];
+	$user = page_owner_entity();
 	
 	if ($user) {
 ?>
diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php
index b180609c6..a45fb621c 100644
--- a/views/default/user/settings/password.php
+++ b/views/default/user/settings/password.php
@@ -10,7 +10,7 @@
 	 * @link http://elgg.org/
 	 */
 
-	$user = $_SESSION['user'];
+	$user = page_owner_entity();
 	
 	if ($user) {
 ?>
-- 
cgit v1.2.3