From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Wed, 9 Feb 2011 09:37:50 +0000 (+0300)
Subject: backend/rss: better error reporting for unauthorized feeds, do not automatically... 
X-Git-Tag: 1.5.2~41
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=19039fd07b1f8a0d68ca9fe90ff2eb103443f4f5;p=tt-rss.git

backend/rss: better error reporting for unauthorized feeds, do not automatically fallback on active session id when key has been provided (refs #318)
---

diff --git a/backend.php b/backend.php
index c7bd6180..4c9813cd 100644
--- a/backend.php
+++ b/backend.php
@@ -465,17 +465,21 @@
 			}
 
 			if ($key) {
+				$_SESSION['uid'] = false; // do not fallback to active session id
+
 				$result = db_query($link, "SELECT owner_uid FROM
 					ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
 
 				if (db_num_rows($result) == 1)
 					$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
-
 			}
 
 			if ($_SESSION["uid"]) {
 				generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
 					$search, $search_mode, $match_on, $view_mode);
+			} else {
+				header('HTTP/1.1 403 Forbidden');
+				print_error_xml(6); die;
 			}
 		break; // rss