From b3e8b2b632d1b136c3c95554329e6930a8d4d0db Mon Sep 17 00:00:00 2001
From: =?utf8?q?Joshua=20R=C3=BCsweg?=
Date: Sun, 23 Jun 2019 14:49:00 +0200
Subject: [PATCH] Fix missing permission check to load profile like lists

---
 .../files/lib/data/like/LikeAction.class.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/wcfsetup/install/files/lib/data/like/LikeAction.class.php b/wcfsetup/install/files/lib/data/like/LikeAction.class.php
index 1546578539..22e08502e2 100644
--- a/wcfsetup/install/files/lib/data/like/LikeAction.class.php
+++ b/wcfsetup/install/files/lib/data/like/LikeAction.class.php
@@ -6,6 +6,8 @@ use wcf\data\user\User;
 use wcf\data\user\UserEditor;
 use wcf\data\AbstractDatabaseObjectAction;
 use wcf\data\IGroupedUserListAction;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\UserInputException;
 use wcf\system\like\LikeHandler;
@@ -287,10 +289,24 @@ class LikeAction extends AbstractDatabaseObjectAction implements IGroupedUserLis
 	 * Validates parameters to load likes.
 	 */
 	public function validateLoad() {
+		if (!MODULE_LIKE) {
+			throw new IllegalLinkException();
+		}
+		
 		$this->readInteger('lastLikeTime', true);
 		$this->readInteger('userID');
 		$this->readInteger('likeValue');
 		$this->readString('likeType');
+		
+		$user = UserProfileRuntimeCache::getInstance()->getObject($this->parameters['userID']);
+		
+		if ($user === null) {
+			throw new IllegalLinkException();
+		}
+		
+		if ($user->isProtected()) {
+			throw new PermissionDeniedException();
+		}
 	}
 
 	/**
-- 
2.20.1
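Review bot: The docblock on `validateLoad()` (the context line ` * Validates parameters to load likes.` at the top of the second hunk) does not declare the two new failure modes, so callers and static analysis cannot see that the method now throws; add `@throws IllegalLinkException` (module disabled or unknown userID) and `@throws PermissionDeniedException` (protected profile) below the summary line, matching the `@throws` style used elsewhere in the project. The hunk also reads `likeValue` and `likeType` but, within the visible lines, neither is constrained to a known value; if `load()` (outside the hunk) does not check `likeType` against the registered like object types and `likeValue` against the accepted reaction values, an unexpected value would reach the query path unvalidated and deserves a `UserInputException` here, since the class already imports it. Whether `isProtected()` also covers the viewer's own profile-view permission cannot be confirmed from this hunk and is worth verifying against `UserProfile`. The enclosing class continues outside the hunk.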