From: Andrew Dolgov <fox@fakecake.org>
Date: Wed, 15 Aug 2012 15:34:50 +0000 (+0400)
Subject: add additional ownership checks to getfeedcounters/getcategorycounters
X-Git-Tag: 1.6.0~144
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=fc9de939857feb3dc0b46e674464bc7e68a72130;p=tt-rss.git

add additional ownership checks to getfeedcounters/getcategorycounters
---

diff --git a/include/functions.php b/include/functions.php
index 41f6c9db..0bb761f5 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1506,6 +1506,7 @@
 				WHERE c2.parent_cat = ttrss_feed_categories.id) AS num_children
 			FROM ttrss_feed_categories, ttrss_cat_counters_cache
 			WHERE ttrss_cat_counters_cache.feed_id = id AND
+			ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid AND
 			ttrss_feed_categories.owner_uid = " . $_SESSION["uid"]);
 
 		while ($line = db_fetch_assoc($result)) {
@@ -1843,6 +1844,7 @@
 				last_error, value AS count
 			FROM ttrss_feeds, ttrss_counters_cache
 			WHERE ttrss_feeds.owner_uid = ".$_SESSION["uid"]."
+				AND ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid
 				AND ttrss_counters_cache.feed_id = id";
 
 		$result = db_query($link, $query);