prevent session modification in public/rss

master
Andrew Dolgov 13 years ago
parent 64436e1039
commit 2fb947eb21

@ -30,7 +30,7 @@ class Public_Handler extends Handler {
$feed_self_url = get_self_url_prefix() . $feed_self_url = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" . "/public.php?op=rss&id=-2&key=" .
get_feed_access_key($this->link, -2, false); get_feed_access_key($this->link, -2, false, $owner_uid);
if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
@ -294,9 +294,7 @@ class Public_Handler extends Handler {
} }
if ($owner_id) { if ($owner_id) {
$_SESSION['uid'] = $owner_id; $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
$this->generate_syndicated_feed(0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode); $search, $search_mode, $match_on, $view_mode);
} else { } else {
header('HTTP/1.1 403 Forbidden'); header('HTTP/1.1 403 Forbidden');

Loading…
Cancel
Save