Fix possible security issue
This commit is contained in:
parent
1c80969db9
commit
89fde911f9
|
@ -58,6 +58,10 @@ class Export extends BaseModule
|
|||
|
||||
protected function rawContent(array $request = [])
|
||||
{
|
||||
if (!$this->session->getLocalUserId()) {
|
||||
throw new HTTPException\UnauthorizedException($this->t('Permission denied.'));
|
||||
}
|
||||
|
||||
$owner = User::getByNickname($this->parameters['nickname'], ['uid']);
|
||||
if (empty($owner)) {
|
||||
throw new HTTPException\NotFoundException($this->t('User not found.'));
|
||||
|
|
Loading…
Reference in New Issue
Block a user