author | Andrew Dolgov <[email protected]> | 2011-02-09 12:37:50 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-02-09 12:37:50 +0300 |
commit | 19039fd07b1f8a0d68ca9fe90ff2eb103443f4f5 (patch) | |
tree | e4ecb4a32d93802a35e94eaadc9d9a3d39c104bc | |
parent | fbd40f5dd83a6c156e6b5bbbd39225a0a8fadb3e (diff) |
backend/rss: better error reporting for unauthorized feeds, do not automatically fallback on active session id when key has been provided (refs #318)
-rw-r--r-- | backend.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/backend.php b/backend.php index c7bd61808..4c9813cda 100644 --- a/backend.php +++ b/backend.php @@ -465,17 +465,21 @@ } if ($key) { + $_SESSION['uid'] = false; // do not fallback to active session id + $result = db_query($link, "SELECT owner_uid FROM ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); if (db_num_rows($result) == 1) $_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid"); - } if ($_SESSION["uid"]) { generate_syndicated_feed($link, 0, $feed, $is_cat, $limit, $search, $search_mode, $match_on, $view_mode); + } else { + header('HTTP/1.1 403 Forbidden'); + print_error_xml(6); die; } break; // rss |
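Review bot: The added `$_SESSION['uid'] = false;` together with the existing `$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");` lets a feed access key rewrite the caller's session identity: a wrong key clears a logged-in user's uid, and a valid key stores the feed owner's uid in the session. If that session is persisted beyond this request (not visible in the hunk), whoever holds a single-feed key would carry the owner's uid into later requests. Keeping the resolved owner in a local instead, e.g. `$owner_uid = $key ? false : $_SESSION["uid"];` before the lookup and `if ($owner_uid) {` for the check, would scope the key to this one response; the second argument of `generate_syndicated_feed`, `0` here, may then need to become that owner id. Separately, the query interpolates `$key` and `$feed` straight into the SQL string, and since their assignment is outside the hunk it should be confirmed that both are escaped or cast before this point. The enclosing `case` block starts before the hunk.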