Add special handling for AJAX requests failing reauth in ACP

Fixes #4053

diff --git a/wcfsetup/install/files/lib/system/WCFACP.class.php b/wcfsetup/install/files/lib/system/WCFACP.class.php
index 01401eab2af6e68b2502c0e0f69e7e30cdbd72b6..018707978fdaaa94a505cf55e807df08918395b5 100644 (file)
--- a/wcfsetup/install/files/lib/system/WCFACP.class.php
+++ b/wcfsetup/install/files/lib/system/WCFACP.class.php
@@ -178,8 +178,9 @@ class WCFACP extends WCF
 
                 exit;
             } else {
+                $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
                 // work-around for AJAX-requests within ACP
-                if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
+                if ($isAjax) {
                     try {
                         WCF::getSession()->checkPermissions(['admin.general.canUseAcp']);
                     } catch (PermissionDeniedException $e) {
@@ -194,6 +195,13 @@ class WCFACP extends WCF
                 }
 
                 if (WCF::getSession()->needsReauthentication()) {
+                    if ($isAjax) {
+                        throw new AJAXException(
+                            self::getLanguage()->getDynamicVariable('wcf.user.reauthentication.explanation'),
+                            AJAXException::SESSION_EXPIRED
+                        );
+                    }
+
                     HeaderUtil::redirect(LinkHandler::getInstance()->getLink('Reauthentication', [
                         'url' => RouteHandler::getProtocol() . $_SERVER['HTTP_HOST'] . WCF::getSession()->requestURI,
                     ]));