Permalink
Browse files

There is a test in isPermitted() in CoreModule.php, if AUTHORISATION

might be null, and $authorized is then set to false. However, later
AUTHORISATION is dereferenced unconditionally. Add a check to $authorized
before dereferencing AUTHORISATION.
  • Loading branch information...
buzzdeee authored and LarsMichelsen committed Feb 14, 2018
1 parent d55e380 commit b7f82b7b9759f5c59be4ee13c69b6a17a464ebf0
Showing with 1 addition and 1 deletion.
  1. +1 −1 share/server/core/classes/CoreModule.php
@@ -117,7 +117,7 @@ public function isPermitted() {
// Maybe the requested action is summarized by some other
$action = !is_bool($this->aActions[$this->sAction]) ? $this->aActions[$this->sAction] : $this->sAction;
if(!$AUTHORISATION->isPermitted($this->sName, $action, $this->sObject))
if($authorized && !$AUTHORISATION->isPermitted($this->sName, $action, $this->sObject))
$authorized = false;
if(!$authorized)

0 comments on commit b7f82b7

Please sign in to comment.