Fixed blacklist improperly handling return value for Ajax requests
authorAlexander Ebert <ebert@woltlab.com>
Wed, 3 Jun 2015 17:08:43 +0000 (19:08 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Wed, 3 Jun 2015 17:08:43 +0000 (19:08 +0200)
wcfsetup/install/files/lib/system/WCF.class.php

index 9be9043f8bd838c12e709f4dabcf360e3308d1a6..1c881410802fe48d9c68cee8a624bc1bc73b6ee4 100644 (file)
@@ -385,28 +385,50 @@ class WCF {
         * Executes the blacklist.
         */
        protected function initBlacklist() {
+               $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest');
+               
                if (defined('BLACKLIST_IP_ADDRESSES') && BLACKLIST_IP_ADDRESSES != '') {
                        if (!StringUtil::executeWordFilter(UserUtil::convertIPv6To4(self::getSession()->ipAddress), BLACKLIST_IP_ADDRESSES)) {
-                               throw new PermissionDeniedException();
+                               if ($isAjax) {
+                                       throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
+                               }
+                               else {
+                                       throw new PermissionDeniedException();
+                               }
                        }
                        else if (!StringUtil::executeWordFilter(self::getSession()->ipAddress, BLACKLIST_IP_ADDRESSES)) {
-                               throw new PermissionDeniedException();
+                               if ($isAjax) {
+                                       throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
+                               }
+                               else {
+                                       throw new PermissionDeniedException();
+                               }
                        }
                }
                if (defined('BLACKLIST_USER_AGENTS') && BLACKLIST_USER_AGENTS != '') {
                        if (!StringUtil::executeWordFilter(self::getSession()->userAgent, BLACKLIST_USER_AGENTS)) {
-                               throw new PermissionDeniedException();
+                               if ($isAjax) {
+                                       throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
+                               }
+                               else {
+                                       throw new PermissionDeniedException();
+                               }
                        }
                }
                if (defined('BLACKLIST_HOSTNAMES') && BLACKLIST_HOSTNAMES != '') {
                        if (!StringUtil::executeWordFilter(@gethostbyaddr(self::getSession()->ipAddress), BLACKLIST_HOSTNAMES)) {
-                               throw new PermissionDeniedException();
+                               if ($isAjax) {
+                                       throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
+                               }
+                               else {
+                                       throw new PermissionDeniedException();
+                               }
                        }
                }
                
                // handle banned users
                if (self::getUser()->userID && self::getUser()->banned) {
-                       if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')) {
+                       if ($isAjax) {
                                throw new AJAXException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'), AJAXException::INSUFFICIENT_PERMISSIONS);
                        }
                        else {
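Review bot: The same `if ($isAjax) … else …` throw is pasted into all four blacklist branches (both IP address checks, the user agent check and the hostname check), so any later change to how a blocked client is rejected has to be repeated four times and can miss one. Moving it into a single protected helper keeps the deny path in one place, and the helper can use `self::getLanguage()` like the banned-user branch at the end of the hunk instead of `WCF::getLanguage()`. `$isAjax` is derived from the client-supplied `X-Requested-With` header, which is acceptable only because it selects the error format and never whether the request is denied; a one-line comment at its assignment should say so. The helper name below is a suggestion, and the body of initBlacklist continues past the end of the hunk.

```php
// … unchanged: $isAjax assignment and the four blacklist conditions …
// inside each of the four blacklist branches, replacing the if/else pair:
$this->denyBlacklistedClient($isAjax);

/**
 * Rejects a client matched by the blacklist, using the error format the request expects.
 *
 * @param	boolean		$isAjax		client-supplied hint, only selects the exception type
 */
protected function denyBlacklistedClient($isAjax) {
	if ($isAjax) {
		throw new AJAXException(self::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
	}
	
	throw new PermissionDeniedException();
}
```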