diff options
author | Andrew Dolgov <[email protected]> | 2012-06-07 10:13:05 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-06-07 10:13:05 +0400 |
commit | 2fb947eb21cd14225034cc91e48a102d026bfcd2 (patch) | |
tree | f730d520fe8d573857274f55a092880449a49373 /classes/public_handler.php | |
parent | 64436e103915e02f8c926639646002b60055dbbd (diff) |
prevent session modification in public/rss
Diffstat (limited to 'classes/public_handler.php')
-rw-r--r-- | classes/public_handler.php | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/classes/public_handler.php b/classes/public_handler.php index 51ba48fed..5b7b523b9 100644 --- a/classes/public_handler.php +++ b/classes/public_handler.php @@ -30,7 +30,7 @@ class Public_Handler extends Handler { $feed_self_url = get_self_url_prefix() . "/public.php?op=rss&id=-2&key=" . - get_feed_access_key($this->link, -2, false); + get_feed_access_key($this->link, -2, false, $owner_uid); if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); @@ -294,9 +294,7 @@ class Public_Handler extends Handler { } if ($owner_id) { - $_SESSION['uid'] = $owner_id; - - $this->generate_syndicated_feed(0, $feed, $is_cat, $limit, + $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit, $search, $search_mode, $match_on, $view_mode); } else { header('HTTP/1.1 403 Forbidden'); |