From 6b2df51656a6312bc63432b9612157cf6d213f79 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Fri, 8 Jan 2021 16:51:44 +0100 Subject: [PATCH] Check for a logged in user in ReauthenticationForm needsReauthentication() may only be called for logged in users. --- .../install/files/lib/form/ReauthenticationForm.class.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php b/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php index 7667be542e..5d3c9c9ab0 100644 --- a/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php +++ b/wcfsetup/install/files/lib/form/ReauthenticationForm.class.php @@ -3,6 +3,7 @@ namespace wcf\form; use wcf\form\AbstractFormBuilderForm; use wcf\system\application\ApplicationHandler; use wcf\system\exception\IllegalLinkException; +use wcf\system\exception\PermissionDeniedException; use wcf\system\form\builder\field\user\UserPasswordField; use wcf\system\form\builder\TemplateFormNode; use wcf\system\request\LinkHandler; @@ -44,6 +45,10 @@ class ReauthenticationForm extends AbstractFormBuilderForm { throw new IllegalLinkException(); } + if (!WCF::getUser()->userID) { + throw new PermissionDeniedException(); + } + if (!WCF::getSession()->needsReauthentication()) { $this->performRedirect(); } -- 2.20.1