From 8f0e36d61785a0bc63749e298266ac238c453f7e Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Tue, 24 Aug 2021 05:54:15 -0400 Subject: [PATCH] Raise an Exception when Profile::load is profided the system user nickname --- src/Model/Profile.php | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 80775c9e86..147c1f3cab 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -35,6 +35,7 @@ use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\DI; +use Friendica\Network\HTTPException; use Friendica\Protocol\Activity; use Friendica\Protocol\Diaspora; use Friendica\Util\DateTimeFormat; @@ -204,11 +205,13 @@ class Profile * the theme is chosen before the _init() function of a theme is run, which will usually * load a lot of theme-specific content * - * @param App $a - * @param string $nickname string - * + * @param App $a + * @param string $nickname string + * @param bool $show_contacts * @return array Profile - * @throws \Friendica\Network\HTTPException\InternalServerErrorException + * + * @throws HTTPException\NotFoundException + * @throws HTTPException\InternalServerErrorException * @throws \ImagickException */ public static function load(App $a, string $nickname, bool $show_contacts = true) @@ -219,6 +222,12 @@ class Profile return []; } + // System user, aborting + if ($profile['uid'] === 0) { + DI::logger()->warning('System user found in Profile::load', ['nickname' => $nickname, 'callstack' => System::callstack(20)]); + throw new HTTPException\NotFoundException(DI::l10n()->t('User not found.')); + } + $a->setProfileOwner($profile['uid']); DI::page()['title'] = $profile['name'] . ' @ ' . DI::config()->get('config', 'sitename'); -- 2.39.5