From: Alexander Ebert
Date: Thu, 13 Oct 2011 18:12:42 +0000 (+0200)
Subject: By default, guests may not access actions
X-Git-Tag: 2.0.0_Beta_1~1684^2~8
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fca077a6cbdc2b512c5b7a3bfd2515a7a073fa14;p=GitHub%2FWoltLab%2FWCF.git

By default, guests may not access actions
---

diff --git a/wcfsetup/install/files/lib/data/AbstractDatabaseObjectAction.class.php b/wcfsetup/install/files/lib/data/AbstractDatabaseObjectAction.class.php
index add8819da9..5242b3885b 100644
--- a/wcfsetup/install/files/lib/data/AbstractDatabaseObjectAction.class.php
+++ b/wcfsetup/install/files/lib/data/AbstractDatabaseObjectAction.class.php
@@ -72,6 +72,12 @@ abstract class AbstractDatabaseObjectAction implements IDatabaseObjectAction {
 */
 protected $returnValues = null;
 
+ /**
+ * disallow guest access
+ * @var boolean
+ */
+ protected $allowGuestAccess = false;
+
 /**
 * Initialized a new DatabaseObject-related action.
 *
@@ -92,6 +98,11 @@ abstract class AbstractDatabaseObjectAction implements IDatabaseObjectAction {
 * @see wcf\data\IDatabaseObjectAction::validateAction()
 */
 public function validateAction() {
+ // validate if user is logged in
+ if (!$this->allowGuestAccess && !WCF::getUser()->userID) {
+ throw new ValidateActionException("Please login before executing this action");
+ }
+
 // validate action name
 if (!method_exists($this, $this->getActionName())) {
 throw new ValidateActionException("unknown action '".$this->getActionName()."'");
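Review bot: The docblock on `$allowGuestAccess` reads "disallow guest access", which is the opposite of what the property means when it is true and could lead a subclass author to set it the wrong way round. I would word it after the flag rather than its default, for example `* true if guests (no userID) may execute actions of this class; defaults to false, so subclasses must opt in explicitly`. The diff shows no subclass being updated, so any existing action class that guests legitimately use would presumably start failing validation until it overrides this property; it is worth confirming that those were audited.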
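Review bot: The guest check added at the top of `validateAction()` is all-or-nothing per class, so a subclass that sets `$allowGuestAccess = true` for one harmless action also opens every other action on that class to unauthenticated callers. Making the property a list of action names would keep the opt-in per action, with the guard becoming `if (!in_array($this->getActionName(), $this->allowGuestAccess, true) && !WCF::getUser()->userID) {`. The check establishes only that a user is logged in, not that the user may perform the action, so a comment such as `// authentication only; permissions are still checked per action` would stop readers treating it as an authorization gate. The body of validateAction() continues outside the hunk, so how the per-action checks follow is not visible here.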