From 1c95967b314dbe62f42d794b65293b4361cd2cc8 Mon Sep 17 00:00:00 2001
From: sbwalker <shaun.walker@siliqon.com>
Date: Wed, 2 Oct 2024 08:30:34 -0400
Subject: [PATCH] fix #4695 - null reference exception deleting a setting which
 does not exist

---
 Oqtane.Server/Controllers/SettingController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Oqtane.Server/Controllers/SettingController.cs b/Oqtane.Server/Controllers/SettingController.cs
index 30a01330..d8a95cbe 100644
--- a/Oqtane.Server/Controllers/SettingController.cs
+++ b/Oqtane.Server/Controllers/SettingController.cs
@@ -189,7 +189,7 @@ namespace Oqtane.Controllers
         public void Delete(string entityName, int entityId, string settingName)
         {
             Setting setting = _settings.GetSetting(entityName, entityId, settingName);
-            if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit))
+            if (setting != null && IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit))
             {
                 _settings.DeleteSetting(setting.EntityName, setting.SettingId);
                 AddSyncEvent(setting.EntityName, setting.EntityId, setting.SettingId, SyncEventActions.Delete);
@@ -199,7 +199,7 @@ namespace Oqtane.Controllers
             {
                 if (entityName != EntityNames.Visitor)
                 {
-                    _logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Setting {Setting}", setting);
+                    _logger.Log(LogLevel.Error, this, LogFunction.Delete, "Setting Does Not Exist Or User Not Authorized To Delete Setting For Entity {EntityName} Id {EntityId} Name {SettingName}", entityName, entityId, settingName);
                     HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                 }
             }