From 19039fd07b1f8a0d68ca9fe90ff2eb103443f4f5 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 9 Feb 2011 12:37:50 +0300
Subject: [PATCH] backend/rss: better error reporting for unauthorized feeds, do not automatically fallback on active session id when key has been provided (refs #318)
---
 backend.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/backend.php b/backend.php
index c7bd6180..4c9813cd 100644
--- a/backend.php
+++ b/backend.php
@@ -465,17 +465,21 @@
 }
 if ($key) {
+ $_SESSION['uid'] = false; // do not fallback to active session id
+
 $result = db_query($link, "SELECT owner_uid FROM ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
 if (db_num_rows($result) == 1) $_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
-
 }
 if ($_SESSION["uid"]) {
 generate_syndicated_feed($link, 0, $feed, $is_cat, $limit, $search, $search_mode, $match_on, $view_mode);
+ } else {
+ header('HTTP/1.1 403 Forbidden');
+ print_error_xml(6); die;
 }
 break; // rss
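Review bot: The added `$_SESSION['uid'] = false;` and the existing `$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");` below it write to the caller's stored session, so a per-feed access key changes login state instead of authorising this one response. A logged-in browser that requests a keyed feed URL would be signed out on a bad key, and on a valid key would keep the key owner's uid for later requests. Keeping the result in a local would avoid this, e.g. `$owner_uid = false;` and `$owner_uid = db_fetch_result($result, 0, "owner_uid");`, with the final test reading `if ($owner_uid || (!$key && $_SESSION["uid"]))`. This assumes generate_syndicated_feed can take the uid as an argument rather than reading the session, which is not visible in this hunk. The query interpolates `$key` and `$feed` directly; their escaping happens outside the hunk and should be confirmed.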