valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC 

The undocumented _DISABLE_FEED_BROWSER option added in commit
c39befacb2 turns off the UI for looking
at which feeds other users are subscribed to, but it did not prevent
you from manually constructing an RPC call to get the same data.  This
was a privacy risk for those who consider _DISABLE_FEED_BROWSER
important.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
Anders Kaseorg 2015-05-21 23:53:14 -04:00
parent d8895ec679
commit 0e653f751e
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
classes/rpc.php
View File

@ -379,6 +379,8 @@ class RPC extends Handler_Protected {
}
function updateFeedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
$search = $this->dbh->escape_string($_REQUEST["search"]);
$limit = $this->dbh->escape_string($_REQUEST["limit"]);
$mode = (int) $this->dbh->escape_string($_REQUEST["mode"]);

2
include/feedbrowser.php
View File

@ -1,6 +1,8 @@
<?php
function make_feed_browser($search, $limit, $mode = 1) {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
$owner_uid = $_SESSION["uid"];
$rv = '';