From 9e377f9e006c20c98aa757f1c30228293651a404 Mon Sep 17 00:00:00 2001
From: Jeroen Dalsem
Date: Wed, 3 Oct 2012 14:03:01 +0200
Subject: fixed incomplete forward url
---
 mod/messages/pages/messages/read.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'mod/messages')
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php
index 19e3ecdd7..1a56399d3 100644
--- a/mod/messages/pages/messages/read.php
+++ b/mod/messages/pages/messages/read.php
@@ -8,8 +8,8 @@
 gatekeeper();
 $message = get_entity(get_input('guid'));
-if (!$message) {
- forward('messages/inbox');
+if (!$message || !elgg_instanceof($message, "object", "messages")) {
+ forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username);
 }
 // mark the message as read
-- cgit v1.2.3
From b29dcc4b232bdf5f587fce31c2c271c1814c4392 Mon Sep 17 00:00:00 2001
From: Jeroen Dalsem
Date: Wed, 3 Oct 2012 14:07:54 +0200
Subject: check for correct page_owner to prevent unwanted access to the page
---
 mod/messages/pages/messages/inbox.php | 9 +++++++--
 mod/messages/pages/messages/sent.php | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)
(limited to 'mod/messages')
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php
index fdfc20c43..de5b8b231 100644
--- a/mod/messages/pages/messages/inbox.php
+++ b/mod/messages/pages/messages/inbox.php
@@ -8,8 +8,13 @@
 gatekeeper();
 $page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
 forward();
 }
diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php
index af06ab273..3d08cd5ee 100644
--- a/mod/messages/pages/messages/sent.php
+++ b/mod/messages/pages/messages/sent.php
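Review bot: In mod/messages/pages/messages/read.php the new guard validates only the entity's type and subtype; nothing in this hunk ties the message to the logged-in user, so who may read it appears to rest entirely on the access filtering done inside get_entity(), which is not visible here. If that is the intended control, record it next to the check, for example `// only messages objects reach this page; read access is decided by get_entity()`, and otherwise compare the message's owner with `elgg_get_logged_in_user_guid()` before rendering. The failure path also redirects without calling register_error(), unlike the inbox and sent pages changed in the next commit. The script continues past the end of the hunk.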
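Review bot: `$page_owner->canEdit()` in mod/messages/pages/messages/inbox.php is a broader test than "this is the viewer's own mailbox": it does not require the page owner to be a user entity, and it presumably passes for any account that holds edit rights over that entity (canEdit() is defined outside this diff), so such accounts can open another member's message listing. If only the mailbox owner should see the page, compare GUIDs instead, `if (!$page_owner || $page_owner->getGUID() != elgg_get_logged_in_user_guid()) {`, or at minimum add `!elgg_instanceof($page_owner, 'user')` to the condition. The identical hunk in mod/messages/pages/messages/sent.php needs the same change. On style, `if($page_owner){` departs from the `if (...) {` spacing used on the surrounding lines.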
@@ -8,8 +8,13 @@
 gatekeeper();
 $page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
 forward();
 }
-- cgit v1.2.3
From a050a89b56f47145a32a7f913c674cdf1f5b7bfc Mon Sep 17 00:00:00 2001
From: Matt Beckett
Date: Thu, 4 Oct 2012 12:38:39 -0600
Subject: only present a reply button when the message can be replied to
---
 mod/messages/pages/messages/read.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'mod/messages')
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php
index 19e3ecdd7..fd3b466a1 100644
--- a/mod/messages/pages/messages/read.php
+++ b/mod/messages/pages/messages/read.php
@@ -38,8 +38,9 @@ if ($inbox) {
 );
 $body_params = array('message' => $message);
 $content .= elgg_view_form('messages/reply', $form_params, $body_params);
-
- if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) {
+ $from_user = get_user($message->fromID);
+
+ if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid() && $from_user) {
 elgg_register_menu_item('title', array(
 'name' => 'reply',
 'href' => '#messages-reply-form',
-- cgit v1.2.3
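Review bot: The new `$from_user` test in mod/messages/pages/messages/read.php hides only the title-menu reply button; the context line `$content .= elgg_view_form('messages/reply', $form_params, $body_params);` still renders the reply form when the sender cannot be loaded. Put that call under the same condition, `if ($from_user) { $content .= elgg_view_form('messages/reply', $form_params, $body_params); }`, so the page offers no reply path at all in that case. Hiding controls is presentation only, and whether the reply action itself rejects a missing recipient is not visible in this diff and is worth confirming. The enclosing `if ($inbox) {` block starts and ends outside the hunk.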