There is a test in isPermitted() in CoreModule.php, if AUTHORISATION

might be null, and $authorized is then set to false. However, later AUTHORISATION is dereferenced unconditionally. Add a check to $authorized before dereferencing AUTHORISATION.
NagVis · Apr 16, 2018 · b7f82b7 · b7f82b7
1 parent d55e380
commit b7f82b7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/share/server/core/classes/CoreModule.php b/share/server/core/classes/CoreModule.php
@@ -117,7 +117,7 @@ public function isPermitted() {
         // Maybe the requested action is summarized by some other
         $action = !is_bool($this->aActions[$this->sAction]) ? $this->aActions[$this->sAction] : $this->sAction;
 
-        if(!$AUTHORISATION->isPermitted($this->sName, $action, $this->sObject))
+        if($authorized && !$AUTHORISATION->isPermitted($this->sName, $action, $this->sObject))
             $authorized = false;
 
         if(!$authorized)