authorAndrew Dolgov <[email protected]>2011-02-09 12:37:50 +0300
committerAndrew Dolgov <[email protected]>2011-02-09 12:37:50 +0300
commit19039fd07b1f8a0d68ca9fe90ff2eb103443f4f5 (patch)
treee4ecb4a32d93802a35e94eaadc9d9a3d39c104bc /backend.php
parentfbd40f5dd83a6c156e6b5bbbd39225a0a8fadb3e (diff)
backend/rss: better error reporting for unauthorized feeds, do not automatically fallback on active session id when key has been provided (refs #318)
Diffstat (limited to 'backend.php')
-rw-r--r--backend.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/backend.php b/backend.php
index c7bd61808..4c9813cda 100644
--- a/backend.php
+++ b/backend.php
@@ -465,17 +465,21 @@
}
if ($key) {
+ $_SESSION['uid'] = false; // do not fallback to active session id
+
$result = db_query($link, "SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1)
$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
-
}
if ($_SESSION["uid"]) {
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode);
+ } else {
+ header('HTTP/1.1 403 Forbidden');
+ print_error_xml(6); die;
}
break; // rss
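Review bot: The added `$_SESSION['uid'] = false;` and the assignment from `ttrss_access_keys` below it use the session as scratch space for a per-request authorization decision, so a keyed feed request rewrites the login state of whatever session the client carries: a wrong key clears a logged-in user's uid, and a valid key leaves the key owner's uid in the session. If the session is persisted after this case (not visible in the hunk), a read-only feed key would end up carrying the owner's identity into later requests; consider holding the result in a local, e.g. `$owner_uid = $key ? false : $_SESSION["uid"];`, and testing that in the `if`, provided generate_syndicated_feed() does not itself read `$_SESSION["uid"]`. Separately, `$key` and `$feed` are interpolated directly into the SELECT; any escaping happens above the hunk and should be confirmed. The enclosing `case` starts outside the hunk.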