AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Always returns a 404 otherwise people might guess which user exist

This commit is contained in:
Frédéric Guillot 2019-01-30 21:07:56 -08:00
parent 61a55c8888
commit 322383b084
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Controller/BaseController.php
View File

@ -153,7 +153,8 @@ abstract class BaseController extends Base
}
if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) {
throw new AccessForbiddenException();
// Always returns a 404 otherwise people might guess which user exist.
throw new PageNotFoundException();
}
return $user;