From: Joshua Rüsweg Date: Sun, 23 Jun 2019 12:48:33 +0000 (+0200) Subject: Fix missing permission check for user profile containers X-Git-Tag: 5.2.0_Alpha_1~19^2^2~1 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3d927eb3aa96cb5f8ba8aa59aa77f51296fb5535;p=GitHub%2FWoltLab%2FWCF.git Fix missing permission check for user profile containers --- diff --git a/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php b/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php index eae832d3aa..5c96401a69 100644 --- a/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php +++ b/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php @@ -1,6 +1,8 @@ menuItem->getContentManager()->isVisible($this->parameters['data']['userID'])) { throw new PermissionDeniedException(); } + + $user = UserProfileRuntimeCache::getInstance()->getObject($this->parameters['data']['userID']); + + if ($user === null) { + throw new IllegalLinkException(); + } + + if ($user->isProtected()) { + throw new PermissionDeniedException(); + } } /**