From 9c40fea2838ad75cfee519b5fc083b33f5302c0e Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Fri, 13 May 2022 13:08:34 +0000
Subject: [PATCH] require login when an action is called that needs a user
 object, fixes #944

Closes #944

Merge request studip/studip!535
---
 app/controllers/course/forum/index.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/app/controllers/course/forum/index.php b/app/controllers/course/forum/index.php
index c3b665ead1b..cc2f6b024ab 100644
--- a/app/controllers/course/forum/index.php
+++ b/app/controllers/course/forum/index.php
@@ -177,6 +177,8 @@ class Course_Forum_IndexController extends ForumController
      */
     function newest_action($page = null)
     {
+        ForumPerm::check('fav_entry', $this->getId());
+
         $nav = Navigation::getItem('course/forum2');
         $nav->setImage(Icon::create('forum', 'info'));
         Navigation::activateItem('course/forum2/newest');
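Review bot: The `ForumPerm::check('fav_entry', $this->getId());` added at the top of newest_action (and identically in latest_action and favorites_action in the next two hunks) gates three read-only listing views on the permission for favouriting entries, and nothing in the hunk says why; the apparent intent is to force a login for anonymous users through the AccessDeniedException that the new rescue() in the last hunk turns into a login prompt, which deserves a comment at each call site, e.g. `// Requires a logged-in user: the anonymous 'nobody' user fails this check and rescue() redirects to the login form.` Without that note, a later change that grants 'fav_entry' to anonymous users or renames the permission silently removes the login requirement from these three actions. A permission named for viewing these lists, or a direct check on the current user, would make the dependency explicit; I am inferring that ForumPerm::check throws AccessDeniedException from the rescue handler alone, so please confirm. newest_action's body continues outside the hunk.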
@@ -211,6 +213,8 @@ class Course_Forum_IndexController extends ForumController
      */
     function latest_action($page = null)
     {
+        ForumPerm::check('fav_entry', $this->getId());
+
         $nav = Navigation::getItem('course/forum2');
         $nav->setImage(Icon::create('forum', 'info'));
         Navigation::activateItem('course/forum2/latest');
@@ -245,6 +249,8 @@ class Course_Forum_IndexController extends ForumController
      */
     function favorites_action($page = null)
     {
+        ForumPerm::check('fav_entry', $this->getId());
+
         $nav = Navigation::getItem('course/forum2');
         $nav->setImage(Icon::create('forum', 'info'));
         Navigation::activateItem('course/forum2/favorites');
@@ -832,4 +838,13 @@ class Course_Forum_IndexController extends ForumController
 
         ForumHelpers::createPDF($this->getId(), $parent_id);
     }
+
+    public function rescue($exception)
+    {
+        if ($exception instanceof AccessDeniedException) {
+            $GLOBALS['auth']->login_if($GLOBALS['user']->id === 'nobody');
+        }
+
+        parent::rescue($exception);
+    }
 }
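Review bot: rescue() has no docblock, and it reads `$GLOBALS['user']->id` unguarded on an exception path where, as far as I can tell from this hunk, `$GLOBALS['user']` may not be populated yet; a null there would turn an AccessDeniedException into a property-read error on PHP 8 instead of a login redirect. A docblock such as `/** Sends anonymous users to the login form when an action denies access; every other exception is left to the parent controller. */` would record the contract, and a guard like `$user = $GLOBALS['user'] ?? null;` feeding `$GLOBALS['auth']->login_if($user === null || $user->id === 'nobody');` would keep the logic intact while surviving the unset case — worth confirming against how the auth bootstrap fills `$GLOBALS['user']`. Note that parent::rescue($exception) still runs when login_if() returns, so if login_if() does not redirect for a 'nobody' user the exception falls through to the parent handler as before; that looks intended but merits a one-line comment above the call.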
-- 
GitLab