Diffstat (limited to 'lib/settingsaction.php')
-rw-r--r-- | lib/settingsaction.php | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/settingsaction.php b/lib/settingsaction.php
index fad6abaf1..2a80c0e31 100644
--- a/lib/settingsaction.php
+++ b/lib/settingsaction.php
@@ -26,6 +26,12 @@ class SettingsAction extends Action {
 if (!common_logged_in()) {
 common_user_error(_t('Not logged in.'));
 return;
+ } else if (!common_is_real_login()) {
+ # Cookie theft means that automatic logins can't
+ # change important settings or see private info, and
+ # _all_ our settings are important
+ common_set_returnto($this->self_url());
+ common_redirect(common_local_url('login'));
 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 $this->handle_post();
 } else {
@@ -52,8 +58,8 @@ class SettingsAction extends Action {
 function settings_menu() {
 # action => array('prompt', 'title')
 static $menu =
- array('profilesettings' =>
- array('Profile',
+ array('profilesettings' =>
+ array('Profile',
 'Change your profile settings'),
 'avatar' =>
 array('Avatar',
@@ -62,12 +68,12 @@ class SettingsAction extends Action {
 array('Password',
 'Change your password'),
 'openidsettings' =>
- array('OpenID',
+ array('OpenID',
 'Add or remove OpenIDs'),
 'imsettings' =>
 array('IM',
 'Updates by instant messenger (IM)'));
-
+
 $action = $this->trimmed('action');
 common_element_start('ul', array('id' => 'nav_views'));
 foreach ($menu as $menuaction => $menudesc) {
 |
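Review bot: The new `!common_is_real_login()` branch in the first hunk has no `return;` after `common_redirect(common_local_url('login'));`, unlike the `!common_logged_in()` branch just above it, so the re-authentication gate depends on common_redirect() terminating the request, which this hunk does not show. Adding an explicit `return;` after the redirect would keep any code that follows the if/else chain from running for a cookie-only session, whatever the helper does. The enclosing method starts and ends outside the hunk, so what follows the chain is not visible here. The check presumably protects only actions that reach this method; it is worth confirming that no SettingsAction subclass overrides it without calling the parent, and that the value stored by `common_set_returnto()` is only ever a local URL.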