when people type in http://site.com/activity, did you want them to be redirected somewhere else?
no
when people type mydomain/elggdirectory then redirect to login if they are already not logged in.
because anybody can see all activity by typing http://myelggsite/installation-directory
You mentioned that you are using the Private River plugin. Try changing the code of the private_river_page_handler() function in this plugin's start.php to
function private_river_page_handler($page) {
if (!elgg_is_logged_in()) {
forward(REFERER);return false;
}
$page_type = elgg_extract(0, $page, false);
if (!$page_type) {
forward('activity/owner');
}
if ($page_type == 'owner') {
$page_type = 'mine';
}
set_input('page_type', $page_type);
// content filter code here
$entity_type = '';
$entity_subtype = '';
global $CONFIG;
require_once("{$CONFIG->path}pages/river.php");
}
The modification is highlighted in bold.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.