From ff1b533c7de968829f75843ddf3a73587d8ab19c Mon Sep 17 00:00:00 2001
From: Marcel Werk
Date: Thu, 31 Mar 2022 14:11:15 +0200
Subject: [PATCH] Check permissions before redirecting to the canonical URL

Redirecting to the Canonical URL can lead to information disclosure, for example, if the URL contains the title of the object. Therefore, it is important to check the permissions before redirecting.
---
 wcfsetup/install/files/lib/page/AbstractPage.class.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/wcfsetup/install/files/lib/page/AbstractPage.class.php b/wcfsetup/install/files/lib/page/AbstractPage.class.php
index 51c738a240..a54f8724ea 100644
--- a/wcfsetup/install/files/lib/page/AbstractPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractPage.class.php
@@ -263,6 +263,10 @@ abstract class AbstractPage implements IPage
 throw new PermissionDeniedException();
 }
+ $this->checkModules();
+
+ $this->checkPermissions();
+
 // check if current request URL matches the canonical URL
 if ($this->canonicalURL && (empty($_POST) || $this->forceCanonicalURL)) {
 $canonicalURL = Url::parse(\preg_replace('~[?&]s=[a-f0-9]{40}~', '', $this->canonicalURL));
@@ -345,10 +349,6 @@ abstract class AbstractPage implements IPage
 $this->setActiveMenuItem();
- $this->checkModules();
-
- $this->checkPermissions();
-
 $this->maybeSetPsr7Response( $this->readData() );
-- 
2.20.1
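Review bot: Nothing at the new call site of `$this->checkModules();` / `$this->checkPermissions();` records that their position ahead of the canonical-URL block is a security requirement, so a later tidy-up could move them back next to `readData()` and reopen the disclosure the commit message describes. I would add a comment directly above them, for example `// must run before the canonical URL redirect: the redirect target can contain the object title`. The guarantee also only covers checks that live in those two methods; a subclass that sets `canonicalURL` from an object and performs its object-level access check later (for instance inside `readData()`) would presumably still be redirected first, so subclasses are worth auditing for that pattern. The enclosing method starts and ends outside this hunk, so any state these checks rely on that is set between the old and new positions (such as `setActiveMenuItem()`) could not be verified from here.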