From 4c67adeeae7051b9f1ac8ea3d93497b757fd6c60 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Wed, 18 May 2022 15:22:50 +0200
Subject: [PATCH] Restrict access to `?action=WCFSetup` after successful
 installation

This action only exists to complete WCFSetup. It should be guarded by a check
an unfinished installation (`!PACKAGE_ID`) to prevent accesses in live
installation.
---
 wcfsetup/install/files/lib/acp/page/IndexPage.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/acp/page/IndexPage.class.php b/wcfsetup/install/files/lib/acp/page/IndexPage.class.php
index c0eed71c51..3eb1547bbd 100755
--- a/wcfsetup/install/files/lib/acp/page/IndexPage.class.php
+++ b/wcfsetup/install/files/lib/acp/page/IndexPage.class.php
@@ -206,7 +206,7 @@ class IndexPage extends AbstractPage
     public function show()
     {
         // check package installation queue
-        if ($this->action == 'WCFSetup') {
+        if (!\PACKAGE_ID && $this->action == 'WCFSetup') {
             $queueID = PackageInstallationDispatcher::checkPackageInstallationQueue();
 
             if ($queueID) {
-- 
2.20.1