From 8d9ef94c28b99f60c1cad79d54b5a324bffb2ebf Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Tue, 29 Apr 2008 14:49:30 +0000
Subject: Sledgehammer tactics on can_edit_extender

git-svn-id: https://code.elgg.org/elgg/trunk@559 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/extender.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'engine/lib/extender.php')

diff --git a/engine/lib/extender.php b/engine/lib/extender.php
index 7cbc647af..5858d6432 100644
--- a/engine/lib/extender.php
+++ b/engine/lib/extender.php
@@ -275,6 +275,9 @@
 	 */
 	function can_edit_extender($extender_id, $type, $user_guid = 0) {
 		
+		if (!isloggedin())
+			return false;
+		
 		if ($user_guid == 0) {
 			if (isset($_SESSION['user'])) {
 				$user = $_SESSION['user'];
@@ -290,6 +293,8 @@
 			$extender = $functionname($extender_id);
 		} else return false;
 		
+		if (!is_a($extender,"ElggExtender")) return false;
+		
 		// If the owner is the specified user, great! They can edit.
 		if ($extender->getOwner() == $user->getGUID()) return true;
 		
-- 
cgit v1.2.3