fix several issues related to profile being set to a non-numeric value

6 years ago · 197e80add6
parent 7e7a15136b
commit 197e80add6
3 changed files with 14 additions and 9 deletions
--- a/classes/db/prefs.php
+++ b/classes/db/prefs.php
@ -26,7 +26,7 @@ class Db_Prefs {
 		$user_id = $_SESSION["uid"];
 		@$profile = $_SESSION["profile"];
-		if (!$profile || get_schema_version() < 63) $profile = null;
+		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 		$sth = $this->pdo->prepare("SELECT
 			value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
@ -65,7 +65,7 @@ class Db_Prefs {
 			return $this->convert($tuple["value"], $tuple["type"]);
 		}
-		if (!$profile || get_schema_version() < 63) $profile = null;
+		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 		$sth = $this->pdo->prepare("SELECT
 			value,ttrss_prefs_types.type_name as type_name
@ -112,9 +112,11 @@ class Db_Prefs {
 		if (!$user_id) {
 			$user_id = $_SESSION["uid"];
 			@$profile = $_SESSION["profile"];
 		} else {
 			$profile = null;
 		}
-		if (!$profile || get_schema_version() < 63) $profile = null;
+		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 		$type_name = "";
 		$current_value = "";
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@ -452,12 +452,16 @@ class Pref_Prefs extends Handler_Protected {
 		print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
-		if ($_SESSION["profile"]) {
+		$profile = $_SESSION["profile"];
 		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 		if ($profile) {
 			print_notice(__("Some preferences are only available in default profile."));
 		}
 		if ($_SESSION["profile"]) {
-			initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
+			initialize_user_prefs($_SESSION["uid"], $profile);
 		} else {
 			initialize_user_prefs($_SESSION["uid"]);
 		}
@ -473,7 +477,7 @@ class Pref_Prefs extends Handler_Protected {
 				ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
 				owner_uid = :uid
 			ORDER BY ttrss_prefs_sections.order_id,pref_name");
-		$sth->execute([":uid" => $_SESSION['uid'], ":profile" => $_SESSION['profile']]);
+		$sth->execute([":uid" => $_SESSION['uid'], ":profile" => $profile]);
 		$lnum = 0;
@ -497,8 +501,7 @@ class Pref_Prefs extends Handler_Protected {
 			if (!$short_desc) continue;
-			if ($_SESSION["profile"] && in_array($line["pref_name"],
+			if ($profile && in_array($line["pref_name"], $profile_blacklist)) {
 					$profile_blacklist)) {
 				continue;
 			}
--- a/include/functions.php
+++ b/include/functions.php
@ -584,7 +584,7 @@
 		$sth = $pdo->query("SELECT pref_name,def_value FROM ttrss_prefs");
-		$profile = $profile ? $profile : null;
+		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 		$u_sth = $pdo->prepare("SELECT pref_name
 			FROM ttrss_user_prefs WHERE owner_uid = :uid AND