From: Tim Düsterhus
Date: Tue, 11 Feb 2020 10:32:41 +0000 (+0100)
Subject: Properly handle userIDs referring to non-existent users in AbstractAuthedPage
X-Git-Tag: 5.2.3~34
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=629b7ccee6e9f2aad581645407b86252983f799b;p=GitHub%2FWoltLab%2FWCF.git
Properly handle userIDs referring to non-existent users in AbstractAuthedPage
This commit completes 33989f299121bfb3b82c40f3257f404fc23b3c1c.
---
diff --git a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index 995768b09f..86ec3056f4 100644
--- a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@ -47,7 +47,7 @@ abstract class AbstractAuthedPage extends AbstractPage {
 }
 else {
 $user = new User($userID);
- if (\hash_equals($user->accessToken, $token) && !$user->banned) {
+ if ($user->userID && $user->accessToken && \hash_equals($user->accessToken, $token) && !$user->banned) {
 // token is valid and user is not banned -> change user
 SessionHandler::getInstance()->changeUser($user, true);
 }
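Review bot: The two guards added to the `if` are not explained anywhere, and the comment inside the branch still mentions only the token and the ban state. A comment above the condition would record the reason, for example `// an unknown userID presumably yields a User without userID/accessToken; never hand an empty stored token to hash_equals()`. The `$user->accessToken` check also seems to stop an empty stored token from ever matching, which is worth stating because the origin and format of `$token` are outside this hunk. The rejection path of this `if` is outside the hunk too, so please confirm that an unknown userID and a wrong token are refused with the same response, so the page does not reveal which IDs exist.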