diff options
author | Andrew Dolgov <[email protected]> | 2018-12-04 10:47:01 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2018-12-04 10:47:01 +0300 |
commit | 197e80add6532b8470c6805131c88b91d5f714ea (patch) | |
tree | fb488ca7a90182bc5ccfda393674cca34a624d1b /classes/db/prefs.php | |
parent | 7e7a15136bbce68f65f538b781cc47109de7ccc8 (diff) |
fix several issues related to profile being set to a non-numeric value
Diffstat (limited to 'classes/db/prefs.php')
-rw-r--r-- | classes/db/prefs.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/classes/db/prefs.php b/classes/db/prefs.php index 70d8b24c0..1fddd27c5 100644 --- a/classes/db/prefs.php +++ b/classes/db/prefs.php @@ -26,7 +26,7 @@ class Db_Prefs { $user_id = $_SESSION["uid"]; @$profile = $_SESSION["profile"]; - if (!$profile || get_schema_version() < 63) $profile = null; + if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null; $sth = $this->pdo->prepare("SELECT value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name @@ -65,7 +65,7 @@ class Db_Prefs { return $this->convert($tuple["value"], $tuple["type"]); } - if (!$profile || get_schema_version() < 63) $profile = null; + if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null; $sth = $this->pdo->prepare("SELECT value,ttrss_prefs_types.type_name as type_name @@ -112,9 +112,11 @@ class Db_Prefs { if (!$user_id) { $user_id = $_SESSION["uid"]; @$profile = $_SESSION["profile"]; + } else { + $profile = null; } - if (!$profile || get_schema_version() < 63) $profile = null; + if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null; $type_name = ""; $current_value = ""; |