From 9908db5b67e837d508d6bddd8ae50e649e73fbf3 Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Fri, 21 Jan 2022 11:53:47 +0100
Subject: [PATCH] Validate the module and permissions, improved code clarity

---
 .../data/conversation/ConversationAction.class.php   | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/files/lib/data/conversation/ConversationAction.class.php b/files/lib/data/conversation/ConversationAction.class.php
index ce0f039..09b18dc 100644
--- a/files/lib/data/conversation/ConversationAction.class.php
+++ b/files/lib/data/conversation/ConversationAction.class.php
@@ -17,6 +17,7 @@ use wcf\system\clipboard\ClipboardHandler;
 use wcf\system\conversation\ConversationHandler;
 use wcf\system\database\util\PreparedStatementConditionBuilder;
 use wcf\system\event\EventHandler;
+use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\UserInputException;
 use wcf\system\log\modification\ConversationModificationLogHandler;
@@ -841,6 +842,13 @@ class ConversationAction extends AbstractDatabaseObjectAction implements
      */
     public function validateGetConversations(): void
     {
+        if (!\MODULE_CONVERSATION) {
+            throw new IllegalLinkException();
+        }
+
+        if (!WCF::getSession()->getPermission('user.conversation.canUseConversation')) {
+            throw new PermissionDeniedException();
+        }
     }
 
     /**
@@ -914,9 +922,7 @@ class ConversationAction extends AbstractDatabaseObjectAction implements
                 ]
             );
 
-            $usernames = \array_map(static function (User $user) {
-                return $user->username;
-            }, $conversation->getParticipantSummary());
+            $usernames = \array_column($conversation->getParticipantSummary(), 'username');
 
             return [
                 'content' => $conversation->getTitle(),
-- 
2.20.1