Redirecting to the Canonical URL can lead to information disclosure, for example, if the URL contains the title of the object. Therefore, it is important to check the permissions before redirecting.
throw new PermissionDeniedException();
}
+ $this->checkModules();
+
+ $this->checkPermissions();
+
// check if current request URL matches the canonical URL
if ($this->canonicalURL && (empty($_POST) || $this->forceCanonicalURL)) {
$canonicalURL = Url::parse(\preg_replace('~[?&]s=[a-f0-9]{40}~', '', $this->canonicalURL));
$this->setActiveMenuItem();
- $this->checkModules();
-
- $this->checkPermissions();
-
$this->maybeSetPsr7Response(
$this->readData()
);