From a545dc31a403ef6130f78f089441bc06f33d2ed3 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 29 Dec 2009 16:19:53 +0300 Subject: [PATCH] properly check for article ownership in getArticleFeed() --- functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions.php b/functions.php index 464a2cbdd..6621b361e 100644 --- a/functions.php +++ b/functions.php @@ -6475,7 +6475,7 @@ function getArticleFeed($link, $id) { $result = db_query($link, "SELECT feed_id FROM ttrss_user_entries - WHERE ref_id = '$id'"); + WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); if (db_num_rows($result) != 0) { return db_fetch_result($result, 0, "feed_id");