Fixed Guests can purchase user upgrades

[Kirby]

Affected version

2.1.3

If a guest does access /purchase/user_upgrade/?user_upgrade_id=1&payment_profile_id=1 on a XenForo installation that does have such User Upgrade and Payment Profile IDs, XF does start the payment process without verifying that the user is actualy logged in.

 

[XF Bug Bot]

Thank you for reporting this issue. It has now been resolved and we are aiming to include it in a future XF release (2.1.4).

Change log:

Prevent guests from entering user upgrade checkout flow

Any changes made as a result of this issue being resolved may not be rolled out here until later.