backend/rss: better error reporting for unauthorized feeds, do not automatically fallback on active session id when key has been provided (refs #318)
This commit is contained in:
Andrew Dolgov
parent
fbd40f5dd8
commit
19039fd07b
|
|
@ -465,17 +465,21 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($key) {
|
if ($key) {
|
||||||
|
$_SESSION['uid'] = false; // do not fallback to active session id
|
||||||
|
|
||||||
$result = db_query($link, "SELECT owner_uid FROM
|
$result = db_query($link, "SELECT owner_uid FROM
|
||||||
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
|
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
|
||||||
|
|
||||||
if (db_num_rows($result) == 1)
|
if (db_num_rows($result) == 1)
|
||||||
$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
|
$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_SESSION["uid"]) {
|
if ($_SESSION["uid"]) {
|
||||||
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
|
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
|
||||||
$search, $search_mode, $match_on, $view_mode);
|
$search, $search_mode, $match_on, $view_mode);
|
||||||
|
} else {
|
||||||
|
header('HTTP/1.1 403 Forbidden');
|
||||||
|
print_error_xml(6); die;
|
||||||
}
|
}
|
||||||
break; // rss
|
break; // rss
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue