From 00cacdcdda564e195e1ff6ad286cd0be3013312b Mon Sep 17 00:00:00 2001
From: David Siegfried <david.siegfried@uni-vechta.de>
Date: Mon, 8 May 2023 12:15:27 +0000
Subject: [PATCH] check for valid block and range, fixes #2611

Closes #2611

Merge request studip/studip!1761
---
 app/controllers/consultation/consultation_controller.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/controllers/consultation/consultation_controller.php b/app/controllers/consultation/consultation_controller.php
index dc7fd6e6a90..1c25a9bddc7 100644
--- a/app/controllers/consultation/consultation_controller.php
+++ b/app/controllers/consultation/consultation_controller.php
@@ -79,6 +79,10 @@ abstract class ConsultationController extends AuthenticatedController
 
         $block = ConsultationBlock::find($block_id);
 
+        if (!$block || !$block->range) {
+            throw new Exception(_('Dieser Terminblock ist ungültig.'));
+        }
+
         if (!$block->range->isAccessibleToUser()) {
             throw new AccessDeniedException();
         }
-- 
GitLab