diff options
author | Anders Kaseorg <[email protected]> | 2015-05-21 23:53:14 -0400 |
---|---|---|
committer | Anders Kaseorg <[email protected]> | 2015-05-21 23:53:58 -0400 |
commit | 0e653f751ee8346a9d24ff9974aa08d205954b4f (patch) | |
tree | 0fe345d253530c0c8e3ef6d98256422de9bd33fc | |
parent | d8895ec679fb3557ddf01d8be74a5eb82c7dac7a (diff) |
Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC
The undocumented _DISABLE_FEED_BROWSER option added in commit
c39befacb29f3f709e2d248ab6d6235524d6e929 turns off the UI for looking
at which feeds other users are subscribed to, but it did not prevent
you from manually constructing an RPC call to get the same data. This
was a privacy risk for those who consider _DISABLE_FEED_BROWSER
important.
Signed-off-by: Anders Kaseorg <[email protected]>
-rw-r--r-- | classes/rpc.php | 2 | ||||
-rw-r--r-- | include/feedbrowser.php | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/classes/rpc.php b/classes/rpc.php index b4de44a74..a84883bfa 100644 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -379,6 +379,8 @@ class RPC extends Handler_Protected { } function updateFeedBrowser() { + if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return; + $search = $this->dbh->escape_string($_REQUEST["search"]); $limit = $this->dbh->escape_string($_REQUEST["limit"]); $mode = (int) $this->dbh->escape_string($_REQUEST["mode"]); diff --git a/include/feedbrowser.php b/include/feedbrowser.php index 8907aa9e4..800bcd970 100644 --- a/include/feedbrowser.php +++ b/include/feedbrowser.php @@ -1,6 +1,8 @@ <?php function make_feed_browser($search, $limit, $mode = 1) { + if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return; + $owner_uid = $_SESSION["uid"]; $rv = ''; |