fix security issue in view

author Andrew Dolgov <fox@madoka.spb.ru>

Tue, 16 May 2006 11:48:07 +0000 (12:48 +0100)

committer Andrew Dolgov <fox@madoka.spb.ru>

Tue, 16 May 2006 11:48:07 +0000 (12:48 +0100)
author Andrew Dolgov <fox@madoka.spb.ru>
Tue, 16 May 2006 11:48:07 +0000 (12:48 +0100)
committer Andrew Dolgov <fox@madoka.spb.ru>
Tue, 16 May 2006 11:48:07 +0000 (12:48 +0100)
diff --git a/backend.php b/backend.php

index 914a04ba6103af7adcdee41ad4316a2955d5be58..51551314e487f12033e375ced788cb3c6c0dfff2 100644 (file)
--- a/backend.php
+++ b/backend.php
@@ -520,7 +520,7 @@
                         num_comments,
                         author
                         FROM ttrss_entries,ttrss_user_entries
-                       WHERE   id = '$id' AND ref_id = id");
+                       WHERE   id = '$id' AND ref_id = id AND owner_uid = " . $_SESSION["uid"]);
  
                 print "<html><head>
                         <title>Tiny Tiny RSS : Article $id</title>
author	Andrew Dolgov <fox@madoka.spb.ru>
	Tue, 16 May 2006 11:48:07 +0000 (12:48 +0100)
committer	Andrew Dolgov <fox@madoka.spb.ru>
	Tue, 16 May 2006 11:48:07 +0000 (12:48 +0100)