From: Anders Kaseorg Date: Fri, 22 May 2015 03:53:14 +0000 (-0400) Subject: Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC X-Git-Tag: 16.3~320^2 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=0e653f751ee8346a9d24ff9974aa08d205954b4f;p=tt-rss.git Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC The undocumented _DISABLE_FEED_BROWSER option added in commit c39befacb29f3f709e2d248ab6d6235524d6e929 turns off the UI for looking at which feeds other users are subscribed to, but it did not prevent you from manually constructing an RPC call to get the same data. This was a privacy risk for those who consider _DISABLE_FEED_BROWSER important. Signed-off-by: Anders Kaseorg --- diff --git a/classes/rpc.php b/classes/rpc.php index b4de44a7..a84883bf 100644 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -379,6 +379,8 @@ class RPC extends Handler_Protected { } function updateFeedBrowser() { + if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return; + $search = $this->dbh->escape_string($_REQUEST["search"]); $limit = $this->dbh->escape_string($_REQUEST["limit"]); $mode = (int) $this->dbh->escape_string($_REQUEST["mode"]); diff --git a/include/feedbrowser.php b/include/feedbrowser.php index 8907aa9e..800bcd97 100644 --- a/include/feedbrowser.php +++ b/include/feedbrowser.php @@ -1,6 +1,8 @@