security fixes in filter editor

This commit is contained in:
Andrew Dolgov 2006-05-22 06:13:44 +01:00
parent 4220b0bddb
commit 9cd30721df


@ -2099,7 +2099,7 @@
$filter_id = db_escape_string($_GET["id"]); $filter_id = db_escape_string($_GET["id"]);
$result = db_query($link, $result = db_query($link,
"SELECT * FROM ttrss_filters WHERE id = '$filter_id'"); "SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$reg_exp = htmlspecialchars(db_unescape_string(db_fetch_result($result, 0, "reg_exp"))); $reg_exp = htmlspecialchars(db_unescape_string(db_fetch_result($result, 0, "reg_exp")));
$filter_type = db_fetch_result($result, 0, "filter_type"); $filter_type = db_fetch_result($result, 0, "filter_type");
@ -2199,7 +2199,7 @@
feed_id = $feed_id, feed_id = $feed_id,
action_id = '$action_id', action_id = '$action_id',
filter_type = '$filter_type' filter_type = '$filter_type'
WHERE id = '$filter_id'"); WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
} }
if ($subop == "remove") { if ($subop == "remove") {
@ -2209,7 +2209,7 @@
$ids = split(",", db_escape_string($_GET["ids"])); $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id'"); db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
} }
} }
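Review bot: The owner-restricted SELECT in the first hunk can now legitimately return zero rows (a filter id that belongs to another user), but the db_fetch_result calls that follow still read row 0 unconditionally, so a rejected request ends in a fetch error on an empty result instead of a clean refusal; guard it with `if (db_num_rows($result) == 0) return;` before the fetches, using whichever row-count wrapper db.php provides. In all three hunks `$_SESSION["uid"]` is concatenated into the SQL unquoted and unescaped, whereas `$filter_id` and `$id` go through db_escape_string; casting it once, `$owner_uid = (int) $_SESSION["uid"];`, and interpolating `$owner_uid` keeps every query well-formed even if the session value is missing or not numeric. The enclosing functions begin and end outside the hunks, so whether the other interpolated values in the UPDATE (`$feed_id`, `$action_id`, `$filter_type`) are escaped cannot be confirmed from here.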