fix several issues related to profile being set to a non-numeric value

author: Andrew Dolgov <[email protected]> 2018-12-04 10:47:01 +0300
committer: Andrew Dolgov <[email protected]> 2018-12-04 10:47:01 +0300
commit: 197e80add6532b8470c6805131c88b91d5f714ea (patch)
tree: fb488ca7a90182bc5ccfda393674cca34a624d1b /classes/db
parent: 7e7a15136bbce68f65f538b781cc47109de7ccc8 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/classes/db/prefs.php b/classes/db/prefs.php
index 70d8b24c0..1fddd27c5 100644
--- a/classes/db/prefs.php
+++ b/classes/db/prefs.php
@@ -26,7 +26,7 @@ class Db_Prefs {
 		$user_id = $_SESSION["uid"];
 		@$profile = $_SESSION["profile"];
 
-		if (!$profile || get_schema_version() < 63) $profile = null;
+		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 
 		$sth = $this->pdo->prepare("SELECT
 			value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
@@ -65,7 +65,7 @@ class Db_Prefs {
 			return $this->convert($tuple["value"], $tuple["type"]);
 		}
 
-		if (!$profile || get_schema_version() < 63) $profile = null;
+		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 
 		$sth = $this->pdo->prepare("SELECT
 			value,ttrss_prefs_types.type_name as type_name
@@ -112,9 +112,11 @@ class Db_Prefs {
 		if (!$user_id) {
 			$user_id = $_SESSION["uid"];
 			@$profile = $_SESSION["profile"];
+		} else {
+			$profile = null;
 		}
 
-		if (!$profile || get_schema_version() < 63) $profile = null;
+		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 
 		$type_name = "";
 		$current_value = "";
author	Andrew Dolgov <[email protected]>	2018-12-04 10:47:01 +0300
committer	Andrew Dolgov <[email protected]>	2018-12-04 10:47:01 +0300
commit	197e80add6532b8470c6805131c88b91d5f714ea (patch)
tree	fb488ca7a90182bc5ccfda393674cca34a624d1b /classes/db
parent	7e7a15136bbce68f65f538b781cc47109de7ccc8 (diff)