From 89fde911f9d13d70eec7040c2f72c6f4a855dc8f Mon Sep 17 00:00:00 2001
From: Philipp <admin@philipp.info>
Date: Wed, 2 Nov 2022 19:58:01 +0100
Subject: [PATCH] Fix possible security issue

---
 src/Module/Calendar/Export.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Module/Calendar/Export.php b/src/Module/Calendar/Export.php
index 30a1bc44d..74fc52b46 100644
--- a/src/Module/Calendar/Export.php
+++ b/src/Module/Calendar/Export.php
@@ -58,6 +58,10 @@ class Export extends BaseModule
 
 	protected function rawContent(array $request = [])
 	{
+		if (!$this->session->getLocalUserId()) {
+			throw new HTTPException\UnauthorizedException($this->t('Permission denied.'));
+		}
+
 		$owner = User::getByNickname($this->parameters['nickname'], ['uid']);
 		if (empty($owner)) {
 			throw new HTTPException\NotFoundException($this->t('User not found.'));