Fixed permission check

diff --git a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
index e6d9f2f8f3ca50662636899397ff045b11a6bec6..f9efe4805b4fff1b3929e737d623d6ebdd147119 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
@@ -2,7 +2,7 @@
 namespace wcf\system\user\activity\event;
 use wcf\data\comment\response\CommentResponseList;
 use wcf\data\comment\CommentList;
-use wcf\data\user\UserList;
+use wcf\data\user\UserProfileList;
 use wcf\system\user\activity\event\IUserActivityEvent;
 use wcf\system\SingletonFactory;
 use wcf\system\WCF;
@@ -52,7 +52,7 @@ class ProfileCommentResponseUserActivityEvent extends SingletonFactory implement
                        $userIDs[] = $comment->userID;
                }
                if (!empty($userIDs)) {
-                       $userList = new UserList();
+                       $userList = new UserProfileList();
                        $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
                        $userList->readObjects();
                        $users = $userList->getObjects();
@@ -63,7 +63,7 @@ class ProfileCommentResponseUserActivityEvent extends SingletonFactory implement
                        if (isset($responses[$event->objectID])) {
                                $response = $responses[$event->objectID];
                                $comment = $comments[$response->commentID];
-                               if (isset($users[$comment->objectID]) && isset($users[$comment->userID])) {
+                               if (isset($users[$comment->objectID]) && isset($users[$comment->userID]) && !$users[$comment->objectID]->isProtected()) {
                                        $event->setIsAccessible();
                                        
                                        // title

diff --git a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
index 971f42452bf3da3b1986bba0416d057e4ea23aff..fbbd94ed7fcdae91823889f9d1833fc8f924cd48 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
@@ -1,7 +1,7 @@
 <?php
 namespace wcf\system\user\activity\event;
 use wcf\data\comment\CommentList;
-use wcf\data\user\UserList;
+use wcf\data\user\UserProfileList;
 use wcf\system\user\activity\event\IUserActivityEvent;
 use wcf\system\SingletonFactory;
 use wcf\system\WCF;
@@ -38,7 +38,7 @@ class ProfileCommentUserActivityEvent extends SingletonFactory implements IUserA
                        $userIDs[] = $comment->objectID;
                }
                if (!empty($userIDs)) {
-                       $userList = new UserList();
+                       $userList = new UserProfileList();
                        $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
                        $userList->readObjects();
                        $users = $userList->getObjects();
@@ -49,7 +49,7 @@ class ProfileCommentUserActivityEvent extends SingletonFactory implements IUserA
                        if (isset($comments[$event->objectID])) {
                                // short output
                                $comment = $comments[$event->objectID];
-                               if (isset($users[$comment->objectID])) {
+                               if (isset($users[$comment->objectID]) && !$users[$comment->objectID]->isProtected()) {
                                        $event->setIsAccessible();
                                        
                                        $user = $users[$comment->objectID];