Validate if user exist.

main/messages/new_message.php

@@ -69,10 +69,11 @@ function show_compose_reply_to_message($message_id, $receiver_id)
     $table = Database::get_main_table(TABLE_MESSAGE);
     $query = "SELECT user_sender_id
               FROM $table
-              WHERE user_receiver_id = ".intval($receiver_id)." AND id='".intval($message_id)."';";
+              WHERE user_receiver_id = ".intval($receiver_id)." AND id = ".intval($message_id);
     $result = Database::query($query);
     $row = Database::fetch_array($result, 'ASSOC');
-    if (!isset($row['user_sender_id'])) {
+
+    if (empty($row['user_sender_id'])) {
         $html = get_lang('InvalidMessageId');
 
         return $html;

main/messages/view_message.php

@@ -1,8 +1,10 @@
 <?php
 /* For licensing terms, see /license.txt */
+
 /**
  * @package chamilo.messages
  */
+
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
 api_block_anonymous_users();
@@ -57,7 +59,7 @@ $message .= MessageManager::showMessageBox($messageId, $source);
 if (!empty($message)) {
     $social_right_content .= $message;
 } else {
-    api_not_allowed();
+    api_not_allowed(true);
 }
 $tpl = new Template(get_lang('View'));
 // Block Social Avatar