Always returns a 404 otherwise people might guess which user exist
@@ -153,7 +153,8 @@ abstract class BaseController extends Base
|
||||
}
|
||||
|
||||
if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) {
|
||||
throw new AccessForbiddenException();
|
||||
// Always returns a 404 otherwise people might guess which user exist.
|
||||
throw new PageNotFoundException();
|
||||
}
|
||||
|
||||
return $user;
|
||||
|
||||
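Review bot: The new `throw new PageNotFoundException();` hides user existence only if the missing-user branch that closes just above this `if` (outside the hunk, as is the start of the enclosing method) raises the same exception with the same status and response body; any difference between the two paths still lets a caller tell them apart. Because a refused access now looks like an ordinary 404, the denied attempt (session user id and requested user id) should be recorded server-side before the throw so that probing stays visible in the logs. The `if` line compares the ids with `!=`; casting both to int and using `!==` would keep this authorization check from depending on type juggling. The added comment would read more clearly as `// Return 404 rather than 403 so a caller cannot tell an existing user from a missing one.`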