From 4738ca851207f07bdfc409ecb16d3fc754e5bf48 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Mon, 8 Jul 2024 11:05:58 +0200
Subject: Fix for disabled logged-in users (#6612)

fix https://github.com/FreshRSS/FreshRSS/issues/6611
Logged-in users were still able to use their account for some time despite having being disabled by admin
---
 p/api/query.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'p')

diff --git a/p/api/query.php b/p/api/query.php
index c95a2bf43..7d74f2313 100644
--- a/p/api/query.php
+++ b/p/api/query.php
@@ -36,7 +36,7 @@ if (!FreshRSS_Context::hasSystemConf() || !FreshRSS_Context::systemConf()->api_e
 }
 
 FreshRSS_Context::initUser($user);
-if (!FreshRSS_Context::hasUserConf()) {
+if (!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::userConf()->enabled) {
 	usleep(rand(100, 10000));	//Primitive mitigation of scanning for users
 	header('HTTP/1.1 404 Not Found');
 	header('Content-Type: text/plain; charset=UTF-8');
-- 
cgit v1.2.3