diff options
author | Andrew Dolgov <[email protected]> | 2012-08-15 19:34:50 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-08-15 19:34:50 +0400 |
commit | fc9de939857feb3dc0b46e674464bc7e68a72130 (patch) | |
tree | af7001959e5942360bbc96f33b6baafc585b0e3e | |
parent | a650c251c7e13cdbe5fb9f141439522cccb58002 (diff) |
add additional ownership checks to getfeedcounters/getcategorycounters
-rw-r--r-- | include/functions.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/functions.php b/include/functions.php index 41f6c9db5..0bb761f5d 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1506,6 +1506,7 @@ WHERE c2.parent_cat = ttrss_feed_categories.id) AS num_children FROM ttrss_feed_categories, ttrss_cat_counters_cache WHERE ttrss_cat_counters_cache.feed_id = id AND + ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid AND ttrss_feed_categories.owner_uid = " . $_SESSION["uid"]); while ($line = db_fetch_assoc($result)) { @@ -1843,6 +1844,7 @@ last_error, value AS count FROM ttrss_feeds, ttrss_counters_cache WHERE ttrss_feeds.owner_uid = ".$_SESSION["uid"]." + AND ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid AND ttrss_counters_cache.feed_id = id"; $result = db_query($link, $query); |