From 235cc9339e15ac399bfa9557da0eeef587c7743e Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Wed, 5 Jun 2024 12:32:49 +0200
Subject: [PATCH] Disallow regular users from updating domain settings in
 enterprise mode

---
 wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php b/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
index ccceaa6206..5886b9efcc 100644
--- a/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
@@ -192,6 +192,10 @@ final class RescueModeForm extends AbstractForm
         if (!WCF::getSession()->getPermission('admin.configuration.canManageApplication')) {
             throw new UserInputException('username', 'notAuthorized');
         }
+
+        if (ENABLE_ENTERPRISE_MODE && !WCF::getUser()->hasOwnerAccess()) {
+            throw new UserInputException('username', 'notAuthorized');
+        }
     }
 
     private function validateDomainName(): void
-- 
2.20.1