Always returns a 404 otherwise people might guess which user exist

author: Frédéric Guillot <fred@kanboard.net> 2019-01-30 21:07:56 -0800
committer: Frédéric Guillot <fred@kanboard.net> 2019-01-30 21:07:56 -0800
commit: 322383b0847426cb92533528a784471b94193a3b (patch)
tree: 15deb31ac72c4fb5352008b650694b34b4cbab0f /app/Controller
parent: 61a55c888889a1ec3376a7a3bba230dc15a378a4 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
index 637c3db1..1dd7d372 100644
--- a/app/Controller/BaseController.php
+++ b/app/Controller/BaseController.php
@@ -153,7 +153,8 @@ abstract class BaseController extends Base
         }
 
         if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) {
-            throw new AccessForbiddenException();
+            // Always returns a 404 otherwise people might guess which user exist.
+            throw new PageNotFoundException();
         }
 
         return $user;
author	Frédéric Guillot <fred@kanboard.net>	2019-01-30 21:07:56 -0800
committer	Frédéric Guillot <fred@kanboard.net>	2019-01-30 21:07:56 -0800
commit	322383b0847426cb92533528a784471b94193a3b (patch)
tree	15deb31ac72c4fb5352008b650694b34b4cbab0f /app/Controller
parent	61a55c888889a1ec3376a7a3bba230dc15a378a4 (diff)