valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prevent session modification in public/rss

This commit is contained in:
Andrew Dolgov 2012-06-07 10:13:05 +04:00
parent 64436e1039
commit 2fb947eb21
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
classes/public_handler.php
View File

@ -30,7 +30,7 @@ class Public_Handler extends Handler {
$feed_self_url = get_self_url_prefix() . $feed_self_url = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" . "/public.php?op=rss&id=-2&key=" .
get_feed_access_key($this->link, -2, false); get_feed_access_key($this->link, -2, false, $owner_uid);
if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
@ -294,9 +294,7 @@ class Public_Handler extends Handler {
} }
if ($owner_id) { if ($owner_id) {
$_SESSION['uid'] = $owner_id; $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
$this->generate_syndicated_feed(0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode); $search, $search_mode, $match_on, $view_mode);
} else { } else {
header('HTTP/1.1 403 Forbidden'); header('HTTP/1.1 403 Forbidden');