From 9841096ce4fa173cd8734d1df1aba01e1e636dd3 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Thu, 18 Nov 2021 05:57:46 +0000
Subject: [PATCH] Added some more check

---
 include/api.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/api.php b/include/api.php
index cea356602e..32a6c51567 100644
--- a/include/api.php
+++ b/include/api.php
@@ -3293,6 +3293,9 @@ api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, AP
  */
 function api_direct_messages_box($type, $box, $verbose)
 {
+	if (empty(BaseApi::getCurrentUserID())) {
+		throw new ForbiddenException();
+	}
 	BaseApi::checkAllowedScope(BaseApi::SCOPE_READ);
 
 	// params