summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorFrédéric Guillot <fred@kanboard.net>2019-01-30 21:07:56 -0800
committerFrédéric Guillot <fred@kanboard.net>2019-01-30 21:07:56 -0800
commit322383b0847426cb92533528a784471b94193a3b (patch)
tree15deb31ac72c4fb5352008b650694b34b4cbab0f /app
parent61a55c888889a1ec3376a7a3bba230dc15a378a4 (diff)
Always returns a 404 otherwise people might guess which user exist
Diffstat (limited to 'app')
-rw-r--r--app/Controller/BaseController.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
index 637c3db1..1dd7d372 100644
--- a/app/Controller/BaseController.php
+++ b/app/Controller/BaseController.php
@@ -153,7 +153,8 @@ abstract class BaseController extends Base
}
if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) {
- throw new AccessForbiddenException();
+ // Always returns a 404 otherwise people might guess which user exist.
+ throw new PageNotFoundException();
}
return $user;