Do not allow setting an inaccessible category in ArticleAction::validateSetCategory()

diff --git a/wcfsetup/install/files/lib/data/article/ArticleAction.class.php b/wcfsetup/install/files/lib/data/article/ArticleAction.class.php
index d44c02325cfa5d675090e9b210a0edc12d4b3a98..172b265c16c6393f5973640b9607f8140b37ea30 100644 (file)
--- a/wcfsetup/install/files/lib/data/article/ArticleAction.class.php
+++ b/wcfsetup/install/files/lib/data/article/ArticleAction.class.php
@@ -632,7 +632,11 @@ class ArticleAction extends AbstractDatabaseObjectAction {
                }
                
                $this->readInteger('categoryID');
-               if (ArticleCategory::getCategory($this->parameters['categoryID']) === null) {
+               $category = ArticleCategory::getCategory($this->parameters['categoryID']);
+               if ($category === null) {
+                       throw new UserInputException('categoryID');
+               }
+               if (!$category->isAccessible()) {
                        throw new UserInputException('categoryID');
                }
        }