From 9bda5425d8a1e33ce42ea11de12918706768c39b Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Sat, 23 Feb 2013 08:05:01 -0500
Subject: Fixes #5126 forwards on attempts to access someone else's settings
 page

---
 pages/settings/tools.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'pages/settings/tools.php')

diff --git a/pages/settings/tools.php b/pages/settings/tools.php
index daf381728..ed6b941c0 100644
--- a/pages/settings/tools.php
+++ b/pages/settings/tools.php
@@ -6,12 +6,13 @@
  * @subpackage Core
  */
 
-// Make sure only valid users can see this
+// Only logged in users
 gatekeeper();
 
 // Make sure we don't open a security hole ...
 if ((!elgg_get_page_owner_entity()) || (!elgg_get_page_owner_entity()->canEdit())) {
-	elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
+	register_error(elgg_echo('noaccess'));
+	forward('/');
 }
 
 $title = elgg_echo("usersettings:plugins");
-- 
cgit v1.2.3