From 7449486aa2917713b941b2e67872ace68492fbcb Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Wed, 9 Mar 2022 10:39:36 +0100
Subject: [PATCH] Validate that the userID matches a user in UserTrophyAction::validateGetGroupedUserTrophyList()
---
 .../files/lib/data/user/trophy/UserTrophyAction.class.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php b/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php
index d3adf4cb77..3ca172f078 100644
--- a/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/trophy/UserTrophyAction.class.php
@@ -8,6 +8,7 @@ use wcf\system\cache\runtime\UserProfileRuntimeCache;
 use wcf\system\database\util\PreparedStatementConditionBuilder;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
+use wcf\system\exception\UserInputException;
 use wcf\system\user\activity\event\UserActivityEventHandler;
 use wcf\system\user\notification\object\UserTrophyNotificationObject;
 use wcf\system\user\notification\UserNotificationHandler;
@@ -173,6 +174,9 @@ class UserTrophyAction extends AbstractDatabaseObjectAction {
 $this->readInteger('userID');
 $this->userProfile = UserProfileRuntimeCache::getInstance()->getObject($this->parameters['userID']);
+ if (!$this->userProfile) {
+ throw new UserInputException('userID');
+ }
 if (!$this->userProfile->isAccessible('canViewTrophies') && !($this->userProfile->userID == WCF::getSession()->userID)) {
 throw new PermissionDeniedException();
 }
-- 
2.20.1
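Review bot: The new guard in the second hunk tests the lookup result by truthiness (`if (!$this->userProfile) {`); an explicit `if ($this->userProfile === null) {` with a short comment such as `// no profile was found for the submitted userID` would make clear that the check exists to keep the following `isAccessible()` call from running on a missing object. Separately, an unknown ID now raises `UserInputException` while an existing but restricted profile raises `PermissionDeniedException`, so the two responses let a caller tell whether a user ID exists. That is probably acceptable where profiles are public anyway, but it is worth confirming for setups that restrict who may see other members. The method's signature and its earlier statements lie outside the hunk, so this is based only on the visible lines.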