From 17c17807cc0b63d322d56acfae4f30399041cdb5 Mon Sep 17 00:00:00 2001
From: brettp
Date: Fri, 16 Oct 2009 02:33:55 +0000
Subject: Standardized files
git-svn-id: http://code.elgg.org/elgg/trunk@3553 36083f99-b078-4883-b0ff-0f9b5a30f544
---
settings/user.php | 45 ++++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 23 deletions(-)
(limited to 'settings/user.php')
diff --git a/settings/user.php b/settings/user.php
index fdf055303..ae9dd5061 100644
--- a/settings/user.php
+++ b/settings/user.php
@@ -1,27 +1,26 @@ canEdit())) {
- set_page_owner($_SESSION['guid']);
- }
+// Make sure only valid admin users can see this
+gatekeeper();
- // Display main admin menu
- page_draw(
- elgg_echo("usersettings:user"),
- elgg_view_layout("two_column_left_sidebar", '', elgg_view_title(elgg_echo('usersettings:user')) . elgg_view("usersettings/form"))
- );
-?>
\ No newline at end of file
+// Make sure we don't open a security hole ...
+if ((!page_owner_entity()) || (!page_owner_entity()->canEdit())) {
+ set_page_owner($_SESSION['guid']);
+}
+
+// Display main admin menu
+page_draw(
+ elgg_echo("usersettings:user"),
+ elgg_view_layout("two_column_left_sidebar", '', elgg_view_title(elgg_echo('usersettings:user')) . elgg_view("usersettings/form"))
+);
\ No newline at end of file
-- cgit v1.2.3
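Review bot: The comment on the re-added `gatekeeper();` line says "Make sure only valid admin users can see this", but as far as I know `gatekeeper()` in Elgg only requires a logged-in user, and `admin_gatekeeper()` is the admin check. Since this is settings/user.php the logged-in check looks like the intended one, so the comment should say so, for example `// Only logged-in users may view the user settings page`. Otherwise a later reader may assume the page is admin-restricted. The comment "Display main admin menu" above `page_draw(` has the same problem and could become `// Draw the user settings page`. The "security hole" comment could also name what the `if` enforces: `// Fall back to the logged-in user when the page owner is missing or not editable by the viewer`. The start of the hunk is truncated on this page, so this is based only on the visible lines.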