valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

public: fix share() returning random unshared articles if uuid is not given

This commit is contained in:
Andrew Dolgov 2019-07-05 16:02:51 +03:00
parent 088fcf8131
commit ea30061cce
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
classes/handler/public.php
View File

@ -298,23 +298,25 @@ class Handler_Public extends Handler {
function share() { function share() {
$uuid = clean($_REQUEST["key"]); $uuid = clean($_REQUEST["key"]);
$sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE if ($uuid) {
uuid = ?"); $sth = $this->pdo->prepare("SELECT ref_id, owner_uid
$sth->execute([$uuid]); FROM ttrss_user_entries WHERE uuid = ?");
$sth->execute([$uuid]);
if ($row = $sth->fetch()) { if ($row = $sth->fetch()) {
header("Content-Type: text/html"); header("Content-Type: text/html");
$id = $row["ref_id"]; $id = $row["ref_id"];
$owner_uid = $row["owner_uid"]; $owner_uid = $row["owner_uid"];
print $this->format_article($id, $owner_uid); print $this->format_article($id, $owner_uid);
} else { return;
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); }
print "Article not found.";
} }
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
print "Article not found.";
} }
private function get_article_image($enclosures, $content, $site_url) { private function get_article_image($enclosures, $content, $site_url) {