RSS Feed/News Member::actionBan can cause a server error when a non-moderator touches it

[ENXF NET]

If a non-moderator (or guest) attempts to access members/ban, it instead causes a server error.

PHP:

    public function canBan(&$error = null)
    {
        $visitor = \XF::visitor();

if (!$this->user_id || !$visitor->is_moderator || $this->user_id == $visitor->user_id)
        {
            return false;
        }
...
    public function userBanAddEdit(User $user)
    {
        if (!$user->canBan($error))
        {
            return $this->error($error);
        }

...

Read more

Continue reading...