add additional ownership checks to getfeedcounters/getcategorycounters

author Andrew Dolgov <fox@fakecake.org>

Wed, 15 Aug 2012 15:34:50 +0000 (19:34 +0400)

committer Andrew Dolgov <fox@fakecake.org>

Wed, 15 Aug 2012 15:34:50 +0000 (19:34 +0400)
author Andrew Dolgov <fox@fakecake.org>
Wed, 15 Aug 2012 15:34:50 +0000 (19:34 +0400)
committer Andrew Dolgov <fox@fakecake.org>
Wed, 15 Aug 2012 15:34:50 +0000 (19:34 +0400)
diff --git a/include/functions.php b/include/functions.php

index 41f6c9db5e9052643305751fea4bd480ea0f3338..0bb761f5dc94f21fe9fc62d98a7396ffc7c19887 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -1506,6 +1506,7 @@
                                 WHERE c2.parent_cat = ttrss_feed_categories.id) AS num_children
                         FROM ttrss_feed_categories, ttrss_cat_counters_cache
                         WHERE ttrss_cat_counters_cache.feed_id = id AND
+                       ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid AND
                         ttrss_feed_categories.owner_uid = " . $_SESSION["uid"]);
  
                 while ($line = db_fetch_assoc($result)) {
@@ -1843,6 +1844,7 @@
                                 last_error, value AS count
                         FROM ttrss_feeds, ttrss_counters_cache
                         WHERE ttrss_feeds.owner_uid = ".$_SESSION["uid"]."
+                               AND ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid
                                 AND ttrss_counters_cache.feed_id = id";
  
                 $result = db_query($link, $query);
author	Andrew Dolgov <fox@fakecake.org>
	Wed, 15 Aug 2012 15:34:50 +0000 (19:34 +0400)
committer	Andrew Dolgov <fox@fakecake.org>
	Wed, 15 Aug 2012 15:34:50 +0000 (19:34 +0400)