Merge branch '3.0'

[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / page / AbstractAuthedPage.class.php

diff --git a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index 32ca6ac925c1e3f645c6905b10c7523c03572273..a9a3bca9994f913c59d4804281bc175d73f19de1 100644 (file)
--- a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@ -12,7 +12,7 @@ use wcf\util\StringUtil;
  * A missing token will be ignored, an invalid token results in a throw of a IllegalLinkException.
  * 
  * @author     Tim Duesterhus
- * @copyright  2001-2017 WoltLab GmbH
+ * @copyright  2001-2018 WoltLab GmbH
  * @license    GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  * @package    WoltLabSuite\Core\Page
  */
@@ -46,8 +46,8 @@ abstract class AbstractAuthedPage extends AbstractPage {
                        }
                        else {
                                $user = new User($userID);
-                               if (CryptoUtil::secureCompare($user->accessToken, $token)) {
-                                       // token is valid -> change user
+                               if (CryptoUtil::secureCompare($user->accessToken, $token) && !$user->banned) {
+                                       // token is valid and user is not banned -> change user
                                        SessionHandler::getInstance()->changeUser($user, true);
                                }
                                else {