diff options
author | Andrew Dolgov <[email protected]> | 2019-07-05 16:02:51 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-07-05 16:02:51 +0300 |
commit | ea30061ccedd37f47928ee5a9df89397d2c591bb (patch) | |
tree | cd70d4c5fa5934c60f48f2b98b0d1d85af9d7462 /classes/handler/public.php | |
parent | 088fcf8131a0d5b612362c2fecf337df6ef754bb (diff) |
public: fix share() returning random unshared articles if uuid is not given
Diffstat (limited to 'classes/handler/public.php')
-rwxr-xr-x | classes/handler/public.php | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index b4f0a5b6f..0e990bec7 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -298,23 +298,25 @@ class Handler_Public extends Handler { function share() { $uuid = clean($_REQUEST["key"]); - $sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE - uuid = ?"); - $sth->execute([$uuid]); + if ($uuid) { + $sth = $this->pdo->prepare("SELECT ref_id, owner_uid + FROM ttrss_user_entries WHERE uuid = ?"); + $sth->execute([$uuid]); - if ($row = $sth->fetch()) { - header("Content-Type: text/html"); + if ($row = $sth->fetch()) { + header("Content-Type: text/html"); - $id = $row["ref_id"]; - $owner_uid = $row["owner_uid"]; + $id = $row["ref_id"]; + $owner_uid = $row["owner_uid"]; - print $this->format_article($id, $owner_uid); + print $this->format_article($id, $owner_uid); - } else { - header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); - print "Article not found."; + return; + } } + header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); + print "Article not found."; } private function get_article_image($enclosures, $content, $site_url) { |