From: Marcel Werk <burntime@woltlab.com>
Date: Wed, 19 Apr 2017 17:14:00 +0000 (+0200)
Subject: Impoved validation of parent page id to prevent infinite loop
X-Git-Tag: 3.0.5~59
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=da96b5335e4699d05e843eda1658ca41b5435ef7;p=GitHub%2FWoltLab%2FWCF.git

Impoved validation of parent page id to prevent infinite loop
---

diff --git a/wcfsetup/install/files/lib/acp/form/PageEditForm.class.php b/wcfsetup/install/files/lib/acp/form/PageEditForm.class.php
index 0aee81208f..f0220ec032 100644
--- a/wcfsetup/install/files/lib/acp/form/PageEditForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/PageEditForm.class.php
@@ -2,6 +2,7 @@
 namespace wcf\acp\form;
 use wcf\data\page\Page;
 use wcf\data\page\PageAction;
+use wcf\data\page\PageCache;
 use wcf\form\AbstractForm;
 use wcf\system\acl\simple\SimpleAclHandler;
 use wcf\system\exception\IllegalLinkException;
@@ -107,6 +108,20 @@ class PageEditForm extends PageAddForm {
 		}
 		else {
 			parent::validateParentPageID();
+			
+			if ($this->parentPageID) {
+				if ($this->parentPageID == $this->pageID) {
+					throw new UserInputException('parentPageID', 'invalid');
+				}
+				
+				$page = PageCache::getInstance()->getPage($this->parentPageID);
+				while ($page->parentPageID !== null) {
+					$page = PageCache::getInstance()->getPage($page->parentPageID);
+					if ($page->pageID == $this->pageID) {
+						throw new UserInputException('parentPageID', 'invalid');
+					}
+				}
+			}
 		}
 	}