public: fix share() returning random unshared articles if uuid is not given

author: Andrew Dolgov <[email protected]> 2019-07-05 16:02:51 +0300
committer: Andrew Dolgov <[email protected]> 2019-07-05 16:02:51 +0300
commit: ea30061ccedd37f47928ee5a9df89397d2c591bb (patch)
tree: cd70d4c5fa5934c60f48f2b98b0d1d85af9d7462 /classes/handler/public.php
parent: 088fcf8131a0d5b612362c2fecf337df6ef754bb (diff)
1 files changed, 13 insertions, 11 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php
index b4f0a5b6f..0e990bec7 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -298,23 +298,25 @@ class Handler_Public extends Handler {
 	function share() {
 		$uuid = clean($_REQUEST["key"]);
 
-		$sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
-			uuid = ?");
-		$sth->execute([$uuid]);
+		if ($uuid) {
+			$sth = $this->pdo->prepare("SELECT ref_id, owner_uid 
+						FROM ttrss_user_entries WHERE uuid = ?");
+			$sth->execute([$uuid]);
 
-		if ($row = $sth->fetch()) {
-			header("Content-Type: text/html");
+			if ($row = $sth->fetch()) {
+				header("Content-Type: text/html");
 
-			$id = $row["ref_id"];
-			$owner_uid = $row["owner_uid"];
+				$id = $row["ref_id"];
+				$owner_uid = $row["owner_uid"];
 
-			print $this->format_article($id, $owner_uid);
+				print $this->format_article($id, $owner_uid);
 
-		} else {
-			header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
-			print "Article not found.";
+				return;
+			}
 		}
 
+		header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
+		print "Article not found.";
 	}
 
 	private function get_article_image($enclosures, $content, $site_url) {
author	Andrew Dolgov <[email protected]>	2019-07-05 16:02:51 +0300
committer	Andrew Dolgov <[email protected]>	2019-07-05 16:02:51 +0300
commit	ea30061ccedd37f47928ee5a9df89397d2c591bb (patch)
tree	cd70d4c5fa5934c60f48f2b98b0d1d85af9d7462 /classes/handler/public.php
parent	088fcf8131a0d5b612362c2fecf337df6ef754bb (diff)