dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Add permission check for suppressed account
[lhc/web/wiklou.git] / includes / specials / SpecialRedirect.php
diff --git a/includes/specials/SpecialRedirect.php b/includes/specials/SpecialRedirect.php
index c1409ff..50867dd 100644 (file)
--- a/includes/specials/SpecialRedirect.php
+++ b/includes/specials/SpecialRedirect.php
@@ -83,6 +83,11 @@ class SpecialRedirect extends FormSpecialPage {
                        // Message: redirect-not-exists
                        return Status::newFatal( $this->getMessagePrefix() . '-not-exists' );
                }
+               if ( $user->isHidden() && !MediaWikiServices::getInstance()->getPermissionManager()
+                       ->userHasRight( $this->getUser(), 'hideuser' )
+               ) {
+                       throw new PermissionsError( null, [ 'badaccess-group0' ] );
+               }
                $userpage = Title::makeTitle( NS_USER, $username );
 
                return Status::newGood( $userpage->getFullURL( '', false, PROTO_CURRENT ) );
Wiklou, le Wiki du Wiklou