From: Anders Kaseorg <andersk@mit.edu>
Date: Fri, 22 May 2015 03:53:14 +0000 (-0400)
Subject: Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC
X-Git-Tag: 16.3~320^2
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=0e653f751ee8346a9d24ff9974aa08d205954b4f;p=tt-rss.git

Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC

The undocumented _DISABLE_FEED_BROWSER option added in commit
c39befacb29f3f709e2d248ab6d6235524d6e929 turns off the UI for looking
at which feeds other users are subscribed to, but it did not prevent
you from manually constructing an RPC call to get the same data.  This
was a privacy risk for those who consider _DISABLE_FEED_BROWSER
important.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
---

diff --git a/classes/rpc.php b/classes/rpc.php
index b4de44a7..a84883bf 100644
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -379,6 +379,8 @@ class RPC extends Handler_Protected {
 	}
 
 	function updateFeedBrowser() {
+		if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
+
 		$search = $this->dbh->escape_string($_REQUEST["search"]);
 		$limit = $this->dbh->escape_string($_REQUEST["limit"]);
 		$mode = (int) $this->dbh->escape_string($_REQUEST["mode"]);
diff --git a/include/feedbrowser.php b/include/feedbrowser.php
index 8907aa9e..800bcd97 100644
--- a/include/feedbrowser.php
+++ b/include/feedbrowser.php
@@ -1,6 +1,8 @@
 <?php
 	function make_feed_browser($search, $limit, $mode = 1) {
 
+		if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
+
 		$owner_uid = $_SESSION["uid"];
 		$rv = '';