From: Alexander Ebert Date: Wed, 3 Jun 2015 17:08:43 +0000 (+0200) Subject: Fixed blacklist improperly handling return value for Ajax requests X-Git-Tag: 2.1.5~34 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fa75ccfb1a31522df794b948e20f2b07d5ef1808;p=GitHub%2FWoltLab%2FWCF.git Fixed blacklist improperly handling return value for Ajax requests
---
diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 9be9043f8b..1c88141080 100644
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -385,28 +385,50 @@ class WCF { * Executes the blacklist. */ protected function initBlacklist() { + $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'); + if (defined('BLACKLIST_IP_ADDRESSES') && BLACKLIST_IP_ADDRESSES != '') { if (!StringUtil::executeWordFilter(UserUtil::convertIPv6To4(self::getSession()->ipAddress), BLACKLIST_IP_ADDRESSES)) { - throw new PermissionDeniedException(); + if ($isAjax) { + throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS); + } + else { + throw new PermissionDeniedException(); + } } else if (!StringUtil::executeWordFilter(self::getSession()->ipAddress, BLACKLIST_IP_ADDRESSES)) { - throw new PermissionDeniedException(); + if ($isAjax) { + throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS); + } + else { + throw new PermissionDeniedException(); + } } } if (defined('BLACKLIST_USER_AGENTS') && BLACKLIST_USER_AGENTS != '') { if (!StringUtil::executeWordFilter(self::getSession()->userAgent, BLACKLIST_USER_AGENTS)) { - throw new PermissionDeniedException(); + if ($isAjax) { + throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS); + } + else { + throw new PermissionDeniedException(); + } } } if (defined('BLACKLIST_HOSTNAMES') && BLACKLIST_HOSTNAMES != '') { if (!StringUtil::executeWordFilter(@gethostbyaddr(self::getSession()->ipAddress), BLACKLIST_HOSTNAMES)) { - throw new PermissionDeniedException(); + if ($isAjax) { + throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS); + } + else { + throw new PermissionDeniedException(); + } } } // handle banned users if (self::getUser()->userID && self::getUser()->banned) { - if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 
'XMLHttpRequest')) { + if ($isAjax) { throw new AJAXException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'), AJAXException::INSUFFICIENT_PERMISSIONS); } else {
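Review bot: The same `if ($isAjax) { throw new AJAXException(...) } else { throw new PermissionDeniedException(); }` block is pasted under all four blacklist filters, so the deny path of this access control now lives in four places and a filter added later can easily miss the AJAX case. Moving it into one private helper keeps every rejection identical; the helper can also use `self::getLanguage()` as the banned-user branch does, where the added lines use `WCF::getLanguage()`. `$isAjax` is read from the client-supplied `X-Requested-With` header, which is acceptable as long as it only selects the error format and never feeds the allow/deny decision, and a short comment next to the assignment should say so. initBlacklist continues past the end of this hunk, so the banned-user branch is only partly visible here.

```php
/**
 * Rejects a blacklisted request in the format the client expects.
 *
 * @param	boolean		$isAjax		response format only, taken from a client-supplied header
 */
protected function throwBlacklistDenied($isAjax) {
	if ($isAjax) {
		throw new AJAXException(self::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
	}
	
	throw new PermissionDeniedException();
}

// … unchanged: $isAjax detection, BLACKLIST_IP_ADDRESSES guard …
if (!StringUtil::executeWordFilter(UserUtil::convertIPv6To4(self::getSession()->ipAddress), BLACKLIST_IP_ADDRESSES)) {
	$this->throwBlacklistDenied($isAjax);
}
// … unchanged: the remaining IP, user agent and hostname filters call the same helper; banned-user branch …
```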