Send 403 to spiders accessing the social login
authorTim Düsterhus <duesterhus@woltlab.com>
Thu, 7 Jan 2021 13:07:17 +0000 (14:07 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Thu, 7 Jan 2021 15:49:56 +0000 (16:49 +0100)
wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
wcfsetup/install/files/lib/action/TwitterAuthAction.class.php

index 39e0a8b9526020af265e05d6907613b7b071d47f..f9bee21f10d5313dcd0e888ad34a1a9749c4c55c 100644 (file)
@@ -3,8 +3,8 @@ namespace wcf\action;
 use GuzzleHttp\ClientInterface;
 use GuzzleHttp\Psr7\Request;
 use ParagonIE\ConstantTime\Hex;
-use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\NamedUserException;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\io\HttpFactory;
 use wcf\system\user\authentication\oauth\User as OauthUser;
 use wcf\system\WCF;
@@ -34,7 +34,7 @@ abstract class AbstractOauth2Action extends AbstractAction {
                parent::readParameters();
                
                if (WCF::getSession()->spiderID) {
-                       throw new IllegalLinkException();
+                       throw new PermissionDeniedException();
                }
        }
        
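Review bot: The spider guard in `readParameters()` carries no comment, so nothing at the `throw` explains why a detected spider now gets `PermissionDeniedException` (403 per the commit title), or that the check is not a security boundary. `spiderID` presumably comes from the session's spider detection, which is typically derived from client-supplied request data, so the rest of the OAuth flow should not depend on this guard to keep automated clients out. I would add above the `if`: `// Detected spiders must not start a login flow; reject with 403. Advisory only, not an access control.` The identical guard in `TwitterAuthAction::readParameters()` wants the same comment. The method body starts outside this hunk.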
index 8c1d69d05055bcd59887f83e319e54583c1179d4..4a81e191900c5f08b38e04e790975755ecad87a1 100644 (file)
@@ -2,12 +2,11 @@
 namespace wcf\action;
 use ParagonIE\ConstantTime\Hex;
 use wcf\data\user\User;
-use wcf\data\user\UserEditor;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\NamedUserException;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\SystemException;
 use wcf\system\request\LinkHandler;
-use wcf\system\user\authentication\UserAuthenticationFactory;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
 use wcf\util\HTTPRequest;
@@ -34,7 +33,7 @@ class TwitterAuthAction extends AbstractAction {
                parent::readParameters();
                
                if (WCF::getSession()->spiderID) {
-                       throw new IllegalLinkException();
+                       throw new PermissionDeniedException();
                }
        }