projects / GitHub / WoltLab / WCF.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 487a8d0)
Disallow regular users from updating domain settings in enterprise mode
authorAlexander Ebert <ebert@woltlab.com>
Wed, 5 Jun 2024 10:32:49 +0000 (12:32 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Wed, 5 Jun 2024 10:32:49 +0000 (12:32 +0200)
wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php patch | blob | blame | history

diff --git a/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php b/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
index ccceaa62061324e7f663714fd18f1708f5b37b9d..5886b9efcc4e35f0d3e7f84c5b807f92b520cc15 100644 (file)
--- a/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
@@ -192,6 +192,10 @@ final class RescueModeForm extends AbstractForm
         if (!WCF::getSession()->getPermission('admin.configuration.canManageApplication')) {
             throw new UserInputException('username', 'notAuthorized');
         }
+
+        if (ENABLE_ENTERPRISE_MODE && !WCF::getUser()->hasOwnerAccess()) {
+            throw new UserInputException('username', 'notAuthorized');
+        }
     }
 
     private function validateDomainName(): void
WoltLab Suite Core (previously WoltLab Community Framework)