Check if the article is readable in Article::canEdit()
author: Tim Düsterhus <duesterhus@woltlab.com>
Fri, 10 Mar 2023 12:47:35 +0000 (13:47 +0100)
committer: Tim Düsterhus <duesterhus@woltlab.com>
Fri, 10 Mar 2023 12:47:35 +0000 (13:47 +0100)
Previously an editor could access the contents of an inaccessible article by
directly navigating to the edit form.

wcfsetup/install/files/lib/data/article/Article.class.php

index fa470be48a17f40f8c7d110c30a1fab383589d70..ba752e661af347473393f24847926066daf47b94 100644 (file)
@@ -122,6 +122,10 @@ class Article extends DatabaseObject implements ILinkableObject, IUserContent {
         * @since       5.2
         */
        public function canEdit() {
+               if (!$this->canRead()) {
+                       return false;
+               }
+
                if (WCF::getSession()->getPermission('admin.content.article.canManageArticle')) {
                        return true; 
                }
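Review bot: the new early return in canEdit() changes the order of precedence for holders of admin.content.article.canManageArticle: because `if (!$this->canRead()) { return false; }` now runs before the `getPermission('admin.content.article.canManageArticle')` branch, a user with the manage permission but without read access (whatever canRead() bases that on) can no longer edit. If that is the intended outcome (managing implies reading, or canRead() already grants managers access), say so in the commit message; otherwise the canRead() check belongs after the permission branch. Since the commit message describes the edit form as the affected entry point, it would also help to add a test asserting that the edit form denies access for an article canRead() rejects, so the fix is pinned at the controller level and not only in this helper.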