Check for a logged in user in ReauthenticationForm
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 8 Jan 2021 15:51:44 +0000 (16:51 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 8 Jan 2021 15:51:44 +0000 (16:51 +0100)
needsReauthentication() may only be called for logged in users.

wcfsetup/install/files/lib/form/ReauthenticationForm.class.php

index 7667be542e2a441cb8712a3fd6955d755af3e5bd..5d3c9c9ab0483f7c80bbfeebd6f216381b67cbe2 100644 (file)
@@ -3,6 +3,7 @@ namespace wcf\form;
 use wcf\form\AbstractFormBuilderForm;
 use wcf\system\application\ApplicationHandler;
 use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\form\builder\field\user\UserPasswordField;
 use wcf\system\form\builder\TemplateFormNode;
 use wcf\system\request\LinkHandler;
@@ -44,6 +45,10 @@ class ReauthenticationForm extends AbstractFormBuilderForm {
                        throw new IllegalLinkException();
                }
                
+               if (!WCF::getUser()->userID) {
+                       throw new PermissionDeniedException();
+               }
+               
                if (!WCF::getSession()->needsReauthentication()) {
                        $this->performRedirect();
                }
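Review bot: The guest guard added at `if (!WCF::getUser()->userID)` has no comment saying why it must come before the `needsReauthentication()` call, so a later refactor could reorder the two checks without noticing the dependency. I would put `// needsReauthentication() is only valid for logged-in users; reject guests before querying the session.` directly above the `if`. The enclosing method starts and ends outside the hunk, so it is worth confirming that nothing earlier in it, and no other caller of `needsReauthentication()`, can still be reached by a guest. A regression test that requests this form as a guest and expects `PermissionDeniedException` rather than a call to `performRedirect()` would pin the behaviour.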