diff --git a/actions/editgroup.php b/actions/editgroup.php
index e0d4c0d036..82b78cc5c7 100644
--- a/actions/editgroup.php
+++ b/actions/editgroup.php
@@ -72,9 +72,7 @@ class EditgroupAction extends Action
 return false;
 }
- return true;
-
- $nickname_arg = $this->arg('nickname');
+ $nickname_arg = $this->trimmed('nickname');
 $nickname = common_canonical_nickname($nickname_arg);
 // Permanent redirect on non-canonical nickname
@@ -97,6 +95,13 @@ class EditgroupAction extends Action
 return false;
 }
+ $cur = common_current_user();
+
+ if (!$cur->isAdmin($group)) {
+ $this->clientError(_('You must be an admin to edit the group'), 403);
+ return false;
+ }
+
 return true;
 }
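Review bot: `$group` is not assigned anywhere in the second hunk, and nothing in its visible context defines it; if the group lookup earlier in prepare() stores its result on `$this->group` (which is how the rest of the action would then read it), `isAdmin($group)` receives an undefined variable, so the new check either refuses every editor or, should isAdmin() treat a null group loosely, admits the wrong ones. The guard also dereferences `common_current_user()` without a null check, so an anonymous request reaches `isAdmin()` on null unless a logged-in check runs before line 72, which this diff does not show. Suggest `if (!$cur || !$cur->isAdmin($this->group)) {`, with the variable name matched to whatever the lookup actually assigns. prepare() begins outside both hunks.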