From 9bda5425d8a1e33ce42ea11de12918706768c39b Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Sat, 23 Feb 2013 08:05:01 -0500
Subject: Fixes #5126 forwards on attempts to access someone else's settings
 page

---
 pages/settings/account.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'pages/settings/account.php')

diff --git a/pages/settings/account.php b/pages/settings/account.php
index 1bf71973b..962e1fc37 100644
--- a/pages/settings/account.php
+++ b/pages/settings/account.php
@@ -11,7 +11,8 @@ gatekeeper();
 
 // Make sure we don't open a security hole ...
 if ((!elgg_get_page_owner_entity()) || (!elgg_get_page_owner_entity()->canEdit())) {
-	elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
+	register_error(elgg_echo('noaccess'));
+	forward('/');
 }
 
 $title = elgg_echo('usersettings:user');
-- 
cgit v1.2.3