banananetwork
/
tt-rss
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

backend/rss: better error reporting for unauthorized feeds, do not automatically fallback on active session id when key has been provided (refs #318)

Browse Source
master
Andrew Dolgov 14 years ago
parent fbd40f5dd8
commit 19039fd07b
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File

6
backend.php
Unescape Escape View File

@ -465,17 +465,21 @@
} }
if ($key) { if ($key) {
$_SESSION['uid'] = false; // do not fallback to active session id
$result = db_query($link, "SELECT owner_uid FROM $result = db_query($link, "SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1) if (db_num_rows($result) == 1)
$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid"); $_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
} }
if ($_SESSION["uid"]) { if ($_SESSION["uid"]) {
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit, generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode); $search, $search_mode, $match_on, $view_mode);
} else {
header('HTTP/1.1 403 Forbidden');
print_error_xml(6); die;
} }
break; // rss break; // rss

Write Preview
Loading…
Cancel
Save