Index: modules/uc_addresses/uc_addresses.module =================================================================== @@ -852,10 +852,6 @@ $uid = $address_user->uid; $aid = $address ? $address->aid : 0; - $form_state['storage']['user'] = $address_user; - $form_state['storage']['address'] = $address; - $form_state['storage']['view'] = $view; - // Get the panes to display $form['panes'] = array('#tree' => TRUE); @@ -963,20 +959,30 @@ function uc_addresses_get_address_form_submit($form, &$form_state) { global $user; - $address_user = $form_state['storage']['user']; - $address = $form_state['storage']['address']; - $view = $form_state['storage']['view']; + $uid = arg(1); + if (arg(3) == 'add') { + $view = 'add'; + $aid = 0; + } else { + $view = 'edit'; + $aid = arg(3); + } + $address = new stdClass(); + $address->uid = $uid; + $address->aid = $aid; + // Not sure if permissions check nessisarily happens before here. + // Make sure users cann't edit other users addresses + if (!uc_addresses_can_add_edit_address($address)) { + drupal_set_message(t('Permissioned denied.')); + drupal_goto('user/'. $user->uid .'/addresses/'); + } + if ($form_state['clicked_button']['#value'] == t('Delete address')) { cache_clear_all(); - drupal_goto('user/'. $address_user->uid .'/addresses/' . $address->aid . '/delete'); + drupal_goto('user/'. $uid .'/addresses/' . $aid . '/delete'); } - if (!$address) { - $address = new stdClass(); - $address->uid = $address_user->uid; - } - $valid = TRUE; foreach (element_children($form_state['values']['panes']) as $pane_id) { $func = _address_pane_data($pane_id, 'callback'); @@ -993,7 +999,7 @@ _uc_addresses_db_add_address($address); } - drupal_goto('user/'. $address_user->uid .'/addresses'); + drupal_goto('user/'. $uid .'/addresses'); } /**
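Review bot: In `uc_addresses_get_address_form_submit`, the new `$uid = arg(1)` and `$aid = arg(3)` take both ids straight from the request path, and the stub `$address` passed to `uc_addresses_can_add_edit_address()` carries only those two values, so nothing visible here confirms that address `$aid` belongs to user `$uid`. If that helper decides on `$address->uid` alone (its body is not in this diff), the check could succeed for a uid/aid pair that do not belong together; the handler should load the stored address for `$aid` and compare its `uid` with `$uid` before any write. Both values should also be reduced to integers first, e.g. `$uid = (int) arg(1);` and `$aid = (int) arg(3);`, since they are concatenated into the `drupal_goto()` paths here and in the final hunk. The denial branch relies on `drupal_goto()` ending the request, so a comment such as `// drupal_goto() exits; nothing below runs for a denied user` would keep a later refactor from falling through to the save code, which continues outside this hunk.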