Do not allow any backdoors for Visitor to get into his account. Fixes bug #11572.

docs/changelog/7.x.x.txt

@@ -17,6 +17,7 @@
  - fixed #11567: EMS: Build badge page, ticket tab, pagination
  - added: a new inbox setting which supresses friend rejection notices
  - fixed #11552: Visitors (and others) can bypass group-by-IP restrictions
+ - fixed #11572: visitors can enter editProfile
 
 7.9.4
  - We're shipping underscore.js now for its suite of extremely handy utility

lib/WebGUI/Operation/Profile.pm

@@ -185,6 +185,7 @@ A reference to the current session.
 
 sub www_editProfile {
 	my $session  = shift;
+    return $session->privilege->insufficient if $session->user->isVisitor;
     my $instance = WebGUI::Content::Account->createInstance($session,"profile");
     return $instance->displayContent($instance->callMethod("edit"));
 }