Should send "403 - Forbidden" if user not found.

2025-09-07 13:41:21 +00:00 · 2013-01-31 00:00:48 -08:00
parent a19b1af6f7
commit bff58e38a3
1 changed files with 2 additions and 0 deletions
--- a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/PermissionList.java
+++ b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/PermissionList.java
@@ -113,6 +113,8 @@ public class PermissionList extends AuthenticatingHttpServlet {
            
            // Get specific user
            User user = users.getUser(username);
+            if (user == null)
+                throw new GuacamoleSecurityException("No such user.");
            
            // Write XML content type
            response.setHeader("Content-Type", "text/xml");