From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 18 May 2022 13:22:50 +0000 (+0200)
Subject: Restrict access to `?action=WCFSetup` after successful installation
X-Git-Tag: 5.5.0_Beta_3~11
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4c67adeeae7051b9f1ac8ea3d93497b757fd6c60;p=GitHub%2FWoltLab%2FWCF.git

Restrict access to `?action=WCFSetup` after successful installation

This action only exists to complete WCFSetup. It should be guarded by a check
an unfinished installation (`!PACKAGE_ID`) to prevent accesses in live
installation.
---

diff --git a/wcfsetup/install/files/lib/acp/page/IndexPage.class.php b/wcfsetup/install/files/lib/acp/page/IndexPage.class.php
index c0eed71c51..3eb1547bbd 100755
--- a/wcfsetup/install/files/lib/acp/page/IndexPage.class.php
+++ b/wcfsetup/install/files/lib/acp/page/IndexPage.class.php
@@ -206,7 +206,7 @@ class IndexPage extends AbstractPage
     public function show()
     {
         // check package installation queue
-        if ($this->action == 'WCFSetup') {
+        if (!\PACKAGE_ID && $this->action == 'WCFSetup') {
             $queueID = PackageInstallationDispatcher::checkPackageInstallationQueue();
 
             if ($queueID) {