public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-19 23:11:29 +00:00
Code Issues Releases Wiki Activity

add additional ownership checks to getfeedcounters/getcategorycounters

Browse Source
This commit is contained in:
Andrew Dolgov
2012-08-15 19:34:50 +04:00
parent a650c251c7
commit fc9de93985
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/functions.php
View File

@@ -1506,6 +1506,7 @@
WHERE c2.parent_cat = ttrss_feed_categories.id) AS num_children WHERE c2.parent_cat = ttrss_feed_categories.id) AS num_children
FROM ttrss_feed_categories, ttrss_cat_counters_cache FROM ttrss_feed_categories, ttrss_cat_counters_cache
WHERE ttrss_cat_counters_cache.feed_id = id AND WHERE ttrss_cat_counters_cache.feed_id = id AND
ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid AND
ttrss_feed_categories.owner_uid = " . $_SESSION["uid"]); ttrss_feed_categories.owner_uid = " . $_SESSION["uid"]);
while ($line = db_fetch_assoc($result)) { while ($line = db_fetch_assoc($result)) {
@@ -1843,6 +1844,7 @@
last_error, value AS count last_error, value AS count
FROM ttrss_feeds, ttrss_counters_cache FROM ttrss_feeds, ttrss_counters_cache
WHERE ttrss_feeds.owner_uid = ".$_SESSION["uid"]." WHERE ttrss_feeds.owner_uid = ".$_SESSION["uid"]."
AND ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid
AND ttrss_counters_cache.feed_id = id"; AND ttrss_counters_cache.feed_id = id";
$result = db_query($link, $query); $result = db_query($link, $query);