rpc: addfeed: gets login and pass only if need_auth is checked.
Because of browser form auto-completion, the hidden field login and password can be automatically filled when adding a feed. It would enable feed authentication even if the user doesn't click on need_auth button.
This commit is contained in:
parent
c30f5e1811
commit
c217de557f
|
@ -97,8 +97,9 @@ class RPC extends Handler_Protected {
|
||||||
function addfeed() {
|
function addfeed() {
|
||||||
$feed = clean($_REQUEST['feed']);
|
$feed = clean($_REQUEST['feed']);
|
||||||
$cat = clean($_REQUEST['cat']);
|
$cat = clean($_REQUEST['cat']);
|
||||||
$login = clean($_REQUEST['login']);
|
$need_auth = isset($_REQUEST['need_auth']);
|
||||||
$pass = trim(clean($_REQUEST['pass']));
|
$login = $need_auth ? clean($_REQUEST['login']) : '';
|
||||||
|
$pass = $need_auth ? trim(clean($_REQUEST['pass'])) : '';
|
||||||
|
|
||||||
$rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass);
|
$rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue