From 4b4b763255ad3b2bff8f18da2bd3927b52a54e55 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 6 Dec 2010 17:20:14 -0800 Subject: [PATCH] For good measure, don't return autocomplete results when not logged in. --- plugins/Autocomplete/autocomplete.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/plugins/Autocomplete/autocomplete.php b/plugins/Autocomplete/autocomplete.php index c4b30d264d..c92002245f 100644 --- a/plugins/Autocomplete/autocomplete.php +++ b/plugins/Autocomplete/autocomplete.php @@ -87,7 +87,15 @@ class AutocompleteAction extends Action function prepare($args) { + // If we die, show short error messages. + StatusNet::setApi(true); + parent::prepare($args); + + $cur = common_current_user(); + if (!$cur) { + throw new ClientException('Access forbidden', true); + } $this->groups=array(); $this->users=array(); $q = $this->arg('q');