diff options
author | Colin Vidal <[email protected]> | 2018-01-14 20:55:39 +0100 |
---|---|---|
committer | Colin Vidal <[email protected]> | 2018-01-14 20:55:39 +0100 |
commit | c217de557f172871e85472c4aa21651d32ae680e (patch) | |
tree | 027fb9d652f3eb236401526a05d865d5b24c7b1c /classes/rpc.php | |
parent | c30f5e18119d1935e8fe6d422053b127e8f4f1b3 (diff) |
rpc: addfeed: gets login and pass only if need_auth is checked.
Because of browser form auto-completion, the hidden field login and
password can be automatically filled when adding a feed. It would
enable feed authentication even if the user doesn't click on need_auth
button.
Diffstat (limited to 'classes/rpc.php')
-rwxr-xr-x | classes/rpc.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/classes/rpc.php b/classes/rpc.php index f8cf7a828..bd4337fbe 100755 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -97,8 +97,9 @@ class RPC extends Handler_Protected { function addfeed() { $feed = clean($_REQUEST['feed']); $cat = clean($_REQUEST['cat']); - $login = clean($_REQUEST['login']); - $pass = trim(clean($_REQUEST['pass'])); + $need_auth = isset($_REQUEST['need_auth']); + $login = $need_auth ? clean($_REQUEST['login']) : ''; + $pass = $need_auth ? trim(clean($_REQUEST['pass'])) : ''; $rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass); |