From f453a22f13433e3f36749ff432fdcefdab3c0097 Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Fri, 16 Aug 2019 14:57:53 +0200
Subject: [PATCH] Disallow spiders to access the auth actions

---
 .../files/lib/action/FacebookAuthAction.class.php     | 11 +++++++++++
 .../files/lib/action/GithubAuthAction.class.php       | 11 +++++++++++
 .../files/lib/action/GoogleAuthAction.class.php       | 11 +++++++++++
 .../files/lib/action/TwitterAuthAction.class.php      | 11 +++++++++++
 4 files changed, 44 insertions(+)

diff --git a/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php b/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
index 1c0bd77f72..b5f4548f35 100644
--- a/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
@@ -27,6 +27,17 @@ class FacebookAuthAction extends AbstractAction {
 	 */
 	public $neededModules = ['FACEBOOK_PUBLIC_KEY', 'FACEBOOK_PRIVATE_KEY'];
 	
+	/**
+	 * @inheritDoc
+	 */
+	public function readParameters() {
+		parent::readParameters();
+		
+		if (WCF::getSession()->spiderID) {
+			throw new IllegalLinkException();
+		}
+	}
+	
 	/**
 	 * @inheritDoc
 	 */
diff --git a/wcfsetup/install/files/lib/action/GithubAuthAction.class.php b/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
index 355e42b754..fb6b952454 100644
--- a/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
@@ -27,6 +27,17 @@ class GithubAuthAction extends AbstractAction {
 	 */
 	public $neededModules = ['GITHUB_PUBLIC_KEY', 'GITHUB_PRIVATE_KEY'];
 	
+	/**
+	 * @inheritDoc
+	 */
+	public function readParameters() {
+		parent::readParameters();
+		
+		if (WCF::getSession()->spiderID) {
+			throw new IllegalLinkException();
+		}
+	}
+	
 	/**
 	 * @inheritDoc
 	 */
diff --git a/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php b/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php
index 312524a999..8211988ed4 100644
--- a/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php
@@ -27,6 +27,17 @@ class GoogleAuthAction extends AbstractAction {
 	 */
 	public $neededModules = ['GOOGLE_PUBLIC_KEY', 'GOOGLE_PRIVATE_KEY'];
 	
+	/**
+	 * @inheritDoc
+	 */
+	public function readParameters() {
+		parent::readParameters();
+		
+		if (WCF::getSession()->spiderID) {
+			throw new IllegalLinkException();
+		}
+	}
+	
 	/**
 	 * @inheritDoc
 	 */
diff --git a/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php b/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
index 4edce144f6..eeaa9da04a 100644
--- a/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
@@ -26,6 +26,17 @@ class TwitterAuthAction extends AbstractAction {
 	 */
 	public $neededModules = ['TWITTER_PUBLIC_KEY', 'TWITTER_PRIVATE_KEY'];
 	
+	/**
+	 * @inheritDoc
+	 */
+	public function readParameters() {
+		parent::readParameters();
+		
+		if (WCF::getSession()->spiderID) {
+			throw new IllegalLinkException();
+		}
+	}
+	
 	/**
 	 * @inheritDoc
 	 */
-- 
2.20.1