public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 05:15:55 +00:00
Code Issues Releases Wiki Activity

force cast profile id to integer when assigning to session variable

Browse Source
This commit is contained in:
Andrew Dolgov
2018-12-06 07:08:54 +03:00
parent f33cd597be
commit 19e24b4fe2
3 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
classes/handler/public.php
View File

@@ -509,7 +509,7 @@ class Handler_Public extends Handler {
if (clean($_POST["profile"])) {
$profile = clean($_POST["profile"]);
$profile = (int) clean($_POST["profile"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles
WHERE id = ? AND owner_uid = ?");
@@ -517,7 +517,9 @@ class Handler_Public extends Handler {
if ($sth->fetch()) {
$_SESSION["profile"] = $profile;
}
} else {
$_SESSION["profile"] = null;
}
}
} else {