From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Fri, 8 Jan 2021 15:51:44 +0000 (+0100)
Subject: Check for a logged in user in ReauthenticationForm
X-Git-Tag: 5.4.0_Alpha_1~465
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6b2df51656a6312bc63432b9612157cf6d213f79;p=GitHub%2FWoltLab%2FWCF.git

Check for a logged in user in ReauthenticationForm

needsReauthentication() may only be called for logged in users.
---

diff --git a/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php b/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php
index 7667be542e..5d3c9c9ab0 100644
--- a/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php
+++ b/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php
@@ -3,6 +3,7 @@ namespace wcf\form;
 use wcf\form\AbstractFormBuilderForm;
 use wcf\system\application\ApplicationHandler;
 use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\form\builder\field\user\UserPasswordField;
 use wcf\system\form\builder\TemplateFormNode;
 use wcf\system\request\LinkHandler;
@@ -44,6 +45,10 @@ class ReauthenticationForm extends AbstractFormBuilderForm {
 			throw new IllegalLinkException();
 		}
 		
+		if (!WCF::getUser()->userID) {
+			throw new PermissionDeniedException();
+		}
+		
 		if (!WCF::getSession()->needsReauthentication()) {
 			$this->performRedirect();
 		}