mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2026-02-10 16:01:33 +00:00
prevent session modification in public/rss
This commit is contained in:
@@ -30,7 +30,7 @@ class Public_Handler extends Handler {
|
|||||||
|
|
||||||
$feed_self_url = get_self_url_prefix() .
|
$feed_self_url = get_self_url_prefix() .
|
||||||
"/public.php?op=rss&id=-2&key=" .
|
"/public.php?op=rss&id=-2&key=" .
|
||||||
get_feed_access_key($this->link, -2, false);
|
get_feed_access_key($this->link, -2, false, $owner_uid);
|
||||||
|
|
||||||
if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
|
if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
|
||||||
|
|
||||||
@@ -294,9 +294,7 @@ class Public_Handler extends Handler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($owner_id) {
|
if ($owner_id) {
|
||||||
$_SESSION['uid'] = $owner_id;
|
$this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
|
||||||
|
|
||||||
$this->generate_syndicated_feed(0, $feed, $is_cat, $limit,
|
|
||||||
$search, $search_mode, $match_on, $view_mode);
|
$search, $search_mode, $match_on, $view_mode);
|
||||||
} else {
|
} else {
|
||||||
header('HTTP/1.1 403 Forbidden');
|
header('HTTP/1.1 403 Forbidden');
|
||||||
|
|||||||
Reference in New Issue
Block a user