From ee34e6361d776cfc28a27c88f8033f2f55a6fbed Mon Sep 17 00:00:00 2001 From: Cyperghost Date: Mon, 17 Jun 2024 12:08:36 +0200 Subject: [PATCH] Also check that the current user has the right to upload file attachments --- .../system/attachment/SignatureAttachmentObjectType.class.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php b/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php index c90f73b598..302a352af6 100644 --- a/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php +++ b/wcfsetup/install/files/lib/system/attachment/SignatureAttachmentObjectType.class.php @@ -173,6 +173,7 @@ class SignatureAttachmentObjectType extends AbstractAttachmentObjectType private function canEditUser(UserProfile $userProfile): bool { return WCF::getSession()->getPermission('admin.user.canEditUser') - && UserGroup::isAccessibleGroup($userProfile->getGroupIDs()); + && UserGroup::isAccessibleGroup($userProfile->getGroupIDs()) + && WCF::getSession()->getPermission('user.signature.attachment.canUpload'); } } -- 2.20.1