Security: Ensure that is the current user whose data is modified

Author: AngelFQC

main/auth/profile.php

@@ -449,6 +449,7 @@ function show_image(image,width,height) {
 
     $wrong_current_password = false;
     $user_data = $form->getSubmitValues(1);
+    $user_data['item_id'] = api_get_user_id();
     /** @var User $user */
     $user = UserManager::getRepository()->find(api_get_user_id());