From 3d65b950334e8cd6cf5324e709344c2f5f5e473a Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 12 Jun 2024 09:49:42 +0000
Subject: [PATCH] Fixes #6710 Throw error when invalid client_id is passed in a
 remote API function

---
 interface/lib/classes/remoting_lib.inc.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index c496cb7e22..e2dcf6a132 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -127,6 +127,10 @@ class remoting_lib extends tform_base {
 			$_SESSION["s"]["user"]["typ"] = 'admin';
 		} else {
 			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $this->client_id);
+			if(empty($user)) {
+                throw new SoapFault('invalid_client_id', 'Invalid client_id '.$this->client_id);
+			    return false;
+            }
 			$this->sys_username         = $user['username'];
 			$this->sys_userid            = $user['userid'];
 			$this->sys_default_group     = $user['default_group'];
-- 
GitLab