prevent session modification in public/rss

author: Andrew Dolgov <[email protected]> 2012-06-07 10:13:05 +0400
committer: Andrew Dolgov <[email protected]> 2012-06-07 10:13:05 +0400
commit: 2fb947eb21cd14225034cc91e48a102d026bfcd2 (patch)
tree: f730d520fe8d573857274f55a092880449a49373 /classes
parent: 64436e103915e02f8c926639646002b60055dbbd (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/classes/public_handler.php b/classes/public_handler.php
index 51ba48fed..5b7b523b9 100644
--- a/classes/public_handler.php
+++ b/classes/public_handler.php
@@ -30,7 +30,7 @@ class Public_Handler extends Handler {
 
 		$feed_self_url = get_self_url_prefix() .
 			"/public.php?op=rss&id=-2&key=" .
-			get_feed_access_key($this->link, -2, false);
+			get_feed_access_key($this->link, -2, false, $owner_uid);
 
 		if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
 
@@ -294,9 +294,7 @@ class Public_Handler extends Handler {
 		}
 
 		if ($owner_id) {
-			$_SESSION['uid'] = $owner_id;
-
-			$this->generate_syndicated_feed(0, $feed, $is_cat, $limit,
+			$this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
 				$search, $search_mode, $match_on, $view_mode);
 		} else {
 			header('HTTP/1.1 403 Forbidden');
author	Andrew Dolgov <[email protected]>	2012-06-07 10:13:05 +0400
committer	Andrew Dolgov <[email protected]>	2012-06-07 10:13:05 +0400
commit	2fb947eb21cd14225034cc91e48a102d026bfcd2 (patch)
tree	f730d520fe8d573857274f55a092880449a49373 /classes
parent	64436e103915e02f8c926639646002b60055dbbd (diff)