From ea30061ccedd37f47928ee5a9df89397d2c591bb Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 5 Jul 2019 16:02:51 +0300
Subject: public: fix share() returning random unshared articles if uuid is not given
---
 classes/handler/public.php | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
(limited to 'classes/handler')
diff --git a/classes/handler/public.php b/classes/handler/public.php
index b4f0a5b6f..0e990bec7 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -298,23 +298,25 @@ class Handler_Public extends Handler {
 function share() {
 $uuid = clean($_REQUEST["key"]);
- $sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
- uuid = ?");
- $sth->execute([$uuid]);
+ if ($uuid) {
+ $sth = $this->pdo->prepare("SELECT ref_id, owner_uid
+ FROM ttrss_user_entries WHERE uuid = ?");
+ $sth->execute([$uuid]);
- if ($row = $sth->fetch()) {
- header("Content-Type: text/html");
+ if ($row = $sth->fetch()) {
+ header("Content-Type: text/html");
- $id = $row["ref_id"];
- $owner_uid = $row["owner_uid"];
+ $id = $row["ref_id"];
+ $owner_uid = $row["owner_uid"];
- print $this->format_article($id, $owner_uid);
+ print $this->format_article($id, $owner_uid);
- } else {
- header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
- print "Article not found.";
+ return;
+ }
 }
+ header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
+ print "Article not found.";
 }
 private function get_article_image($enclosures, $content, $site_url) {
--
cgit v1.2.3
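Review bot: The new `if ($uuid)` guard in share() is a truthiness test on a value taken from `$_REQUEST`, so it rejects the empty string but does not establish that the key is a non-empty string before it is bound into the query. I would make the check explicit, `if (is_string($uuid) && $uuid !== '') {`, so that a missing or non-scalar `key` always falls through to the 404 path; what `clean()` returns for such input is not visible in this hunk. Since the commit subject implies that unshared rows can match an empty uuid, a short comment above the guard such as `// unshared entries have no uuid; never look up an empty key` would keep a later refactor from removing it, and the lookup deserves a regression test for the missing-key case.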