From 12fb24b921779038ec09b0fb2b31c94380a0aeaa Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Tue, 16 May 2006 12:48:07 +0100
Subject: fix security issue in view

---
 backend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'backend.php')

diff --git a/backend.php b/backend.php
index 914a04ba6..51551314e 100644
--- a/backend.php
+++ b/backend.php
@@ -520,7 +520,7 @@
 			num_comments,
 			author
 			FROM ttrss_entries,ttrss_user_entries
-			WHERE	id = '$id' AND ref_id = id");
+			WHERE	id = '$id' AND ref_id = id AND owner_uid = " . $_SESSION["uid"]);
 
 		print "<html><head>
 			<title>Tiny Tiny RSS : Article $id</title>
-- 
cgit v1.2.3