diff options
-rw-r--r-- | actions/editgroup.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/actions/editgroup.php b/actions/editgroup.php index e0d4c0d03..82b78cc5c 100644 --- a/actions/editgroup.php +++ b/actions/editgroup.php @@ -72,9 +72,7 @@ class EditgroupAction extends Action return false; } - return true; - - $nickname_arg = $this->arg('nickname'); + $nickname_arg = $this->trimmed('nickname'); $nickname = common_canonical_nickname($nickname_arg); // Permanent redirect on non-canonical nickname @@ -97,6 +95,13 @@ class EditgroupAction extends Action return false; } + $cur = common_current_user(); + + if (!$cur->isAdmin($group)) { + $this->clientError(_('You must be an admin to edit the group'), 403); + return false; + } + return true; } |