From 5c481fb24997fd292c6933b9d1c711e948732414 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 16 Dec 2018 19:08:41 +0300
Subject: rpc/checkforupdates: restrict to administrative access level

---
 classes/rpc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/rpc.php')

diff --git a/classes/rpc.php b/classes/rpc.php
index eb6fd4895..b2184d8ec 100755
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -601,7 +601,7 @@ class RPC extends Handler_Protected {
 	function checkforupdates() {
 		$rv = [];
 
-		if (CHECK_FOR_UPDATES && defined("GIT_VERSION_TIMESTAMP")) {
+		if (CHECK_FOR_UPDATES && $_SESSION["access_level"] >= 10 && defined("GIT_VERSION_TIMESTAMP")) {
 			$content = @fetch_file_contents(["url" => "https://tt-rss.org/version.json"]);
 
 			if ($content) {
-- 
cgit v1.2.3