From 476edbbb5fd868fc6b564617be606b7fe71ceca8 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 27 Dec 2010 16:47:33 +0300 Subject: [PATCH] backend/rss: always use secret key to get uid when it is available instead of defaulting to session information; fix published url syntax being incorrect (closes #287) --- backend.php | 2 +- functions.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/backend.php b/backend.php index 410f8986..962453c4 100644 --- a/backend.php +++ b/backend.php @@ -474,7 +474,7 @@ authenticate_user($link, "admin", null); } - if ($key && !$_SESSION["uid"]) { + if ($key) { $result = db_query($link, "SELECT owner_uid FROM ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); diff --git a/functions.php b/functions.php index 84738ddb..3928b2a3 100644 --- a/functions.php +++ b/functions.php @@ -4093,7 +4093,7 @@ ""; $rss_link = htmlspecialchars(get_self_url_prefix() . - "/backend.php?op=rss&id=$feed_id&is_cat=$is_cat$view_mode$search_q"); + "/backend.php?op=rss&id=$feed_id&is_cat=$is_cat&view_mode=$view_mode$search_q"); print "";