From 3d927eb3aa96cb5f8ba8aa59aa77f51296fb5535 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Joshua=20R=C3=BCsweg?=
Date: Sun, 23 Jun 2019 14:48:33 +0200
Subject: [PATCH] Fix missing permission check for user profile containers
---
 .../menu/item/UserProfileMenuItemAction.class.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php b/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php
index eae832d3aa..5c96401a69 100644
--- a/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/profile/menu/item/UserProfileMenuItemAction.class.php
@@ -1,6 +1,8 @@ menuItem->getContentManager()->isVisible($this->parameters['data']['userID'])) {
 throw new PermissionDeniedException();
 }
+
+ $user = UserProfileRuntimeCache::getInstance()->getObject($this->parameters['data']['userID']);
+
+ if ($user === null) {
+ throw new IllegalLinkException();
+ }
+
+ if ($user->isProtected()) {
+ throw new PermissionDeniedException();
+ }
 }
 /**
--
2.20.1
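Review bot: The new existence and `isProtected()` checks run only after `getContentManager()->isVisible(...)` has already been called with the same `userID`, so the content manager is consulted for a user that may not exist or whose profile is protected; resolving `$user` and rejecting first would keep every later check behind the profile-level gate. Whether `$this->parameters['data']['userID']` is validated as an integer before these reads is not visible, because the method starts outside the hunk and the page has lost the lines between the first `@@` header and this code. Reading the ID once into a local, e.g. `$userID = $this->parameters['data']['userID'];`, would also guarantee that both checks act on the same value. A short why-comment above the new block would help the next maintainer, for example `// tab content is requested separately from the profile page, so profile protection must be enforced here too`, assuming that is the reason for the fix.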