From: Tim Düsterhus Date: Fri, 10 Mar 2023 12:47:35 +0000 (+0100) Subject: Check if the article is readable in Article::canEdit() X-Git-Tag: 5.3.27~2^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2736baffe00b1de756368d60ac1221e7a9dc5254;p=GitHub%2FWoltLab%2FWCF.git Check if the article is readable in Article::canEdit() Previously an editor could access the contents of an inaccessible article by directly navigating to the edit form.
---
diff --git a/wcfsetup/install/files/lib/data/article/Article.class.php b/wcfsetup/install/files/lib/data/article/Article.class.php
index fa470be48a..ba752e661a 100644
--- a/wcfsetup/install/files/lib/data/article/Article.class.php
+++ b/wcfsetup/install/files/lib/data/article/Article.class.php
@@ -122,6 +122,10 @@ class Article extends DatabaseObject implements ILinkableObject, IUserContent {
 * @since 5.2
 */
 public function canEdit() {
+ if (!$this->canRead()) {
+ return false;
+ }
+
 if (WCF::getSession()->getPermission('admin.content.article.canManageArticle')) {
 return true;
 }
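Review bot: The new `canRead()` guard at the top of `canEdit()` is an access-control invariant that nothing in the code explains, and because it runs before the `admin.content.article.canManageArticle` shortcut, even managers are refused when the article is unreadable to them. I would add a comment above it such as `// Must run before any permission shortcut: editing exposes the article's contents, so it requires read access.` so that a later reordering does not reopen the disclosure described in the commit message. The docblock, which starts above the hunk, could also state that the method returns false for articles the active user cannot read. Other permission methods of this class are not visible here; if any of them gates a form or action that renders article contents, it presumably needs the same guard, and a regression test with a user who holds the edit permission but lacks read access would pin the behaviour. The body of `canEdit()` continues past the hunk.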