From 8efdfb59079c4966213de46979d37a20da46abd3 Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Sun, 14 Oct 2012 18:03:35 +0200
Subject: [PATCH] Fixed creepy exceptions if user cannot access ACP via AJAX Furthermore disabled the search box if user cannot access the ACP
---
 wcfsetup/install/files/acp/templates/header.tpl | 12 +++++++-----
 .../install/files/lib/system/WCFACP.class.php | 15 ++++++++++++++-
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/wcfsetup/install/files/acp/templates/header.tpl b/wcfsetup/install/files/acp/templates/header.tpl
index 8de5bc1bff..46af20d5d9 100644
--- a/wcfsetup/install/files/acp/templates/header.tpl
+++ b/wcfsetup/install/files/acp/templates/header.tpl
@@ -120,11 +120,13 @@ - + {if $__wcf->getSession()->getPermission('admin.general.canUseAcp')} + + {/if}
diff --git a/wcfsetup/install/files/lib/system/WCFACP.class.php b/wcfsetup/install/files/lib/system/WCFACP.class.php
index 780dea2b83..c09eb4ba22 100644
--- a/wcfsetup/install/files/lib/system/WCFACP.class.php
+++ b/wcfsetup/install/files/lib/system/WCFACP.class.php
@@ -2,6 +2,8 @@
 namespace wcf\system;
 use wcf\system\application\ApplicationHandler;
 use wcf\system\cache\CacheHandler;
+use wcf\system\exception\AJAXException;
+use wcf\system\exception\PermissionDeniedException;
 use wcf\system\request\RouteHandler;
 use wcf\system\session\ACPSessionFactory;
 use wcf\system\session\SessionHandler;
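Review bot: The `{if $__wcf->getSession()->getPermission('admin.general.canUseAcp')}` guard in header.tpl only keeps the search box out of the rendered page; it does not stop a session without that permission from calling whatever the search box talks to. The wrapped markup is not visible in this hunk, so this is inferred from the commit message. Enforcement has to stay on the server side, and the `checkPermissions()` call in WCFACP.class.php sits in an `else` branch whose condition lies outside the diff, so it is worth confirming that the search action is covered by it. A template comment such as `{* cosmetic only: access is enforced in WCFACP, not here *}` would stop a later reader from treating the guard as the access control.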
@@ -67,7 +69,18 @@ class WCFACP extends WCF {
 exit;
 }
 else {
- WCF::getSession()->checkPermissions(array('admin.general.canUseAcp'));
+ // work-around for AJAX-requests within ACP
+ if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
+ try {
+ WCF::getSession()->checkPermissions(array('admin.general.canUseAcp'));
+ }
+ catch (PermissionDeniedException $e) {
+ throw new AJAXException(self::getLanguage()->get('wcf.global.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS, $e->getTraceAsString());
+ }
+ }
+ else {
+ WCF::getSession()->checkPermissions(array('admin.general.canUseAcp'));
+ }
 }
 }
 }
--
2.20.1
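Review bot: The new `catch` block passes `$e->getTraceAsString()` to `AJAXException` for a caller that has just failed the `admin.general.canUseAcp` check. If `AJAXException` serialises its third argument into the JSON response (its implementation is not part of this diff), a client without ACP access receives server file paths and the call chain. The trace gives that client nothing it needs, so drop the argument if the constructor allows it, `throw new AJAXException(self::getLanguage()->get('wcf.global.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);`, and log the trace on the server instead. `X-Requested-With` is set by the client, which is harmless here only because both branches still call `checkPermissions()`; a comment like `// header only selects the error format, never whether the check runs` would protect that property. The enclosing method starts outside the hunk.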