From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Tue, 16 May 2006 11:48:07 +0000 (+0100)
Subject: fix security issue in view
X-Git-Tag: 1.2.0~125
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=12fb24b921779038ec09b0fb2b31c94380a0aeaa;p=tt-rss.git

fix security issue in view
---

diff --git a/backend.php b/backend.php
index 914a04ba..51551314 100644
--- a/backend.php
+++ b/backend.php
@@ -520,7 +520,7 @@
 			num_comments,
 			author
 			FROM ttrss_entries,ttrss_user_entries
-			WHERE	id = '$id' AND ref_id = id");
+			WHERE	id = '$id' AND ref_id = id AND owner_uid = " . $_SESSION["uid"]);
 
 		print "<html><head>
 			<title>Tiny Tiny RSS : Article $id</title>