From 89fde911f9d13d70eec7040c2f72c6f4a855dc8f Mon Sep 17 00:00:00 2001 From: Philipp Date: Wed, 2 Nov 2022 19:58:01 +0100 Subject: [PATCH] Fix possible security issue --- src/Module/Calendar/Export.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Module/Calendar/Export.php b/src/Module/Calendar/Export.php index 30a1bc44de..74fc52b464 100644 --- a/src/Module/Calendar/Export.php +++ b/src/Module/Calendar/Export.php @@ -58,6 +58,10 @@ class Export extends BaseModule protected function rawContent(array $request = []) { + if (!$this->session->getLocalUserId()) { + throw new HTTPException\UnauthorizedException($this->t('Permission denied.')); + } + $owner = User::getByNickname($this->parameters['nickname'], ['uid']); if (empty($owner)) { throw new HTTPException\NotFoundException($this->t('User not found.'));