From 448b0abdd5b3292a411958576b3d27d329e085ac Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Mon, 21 Aug 2006 05:03:26 +0100
Subject: [PATCH] security fix for op=digestTest

---
 backend.php   | 1 +
 functions.php | 1 +
 2 files changed, 2 insertions(+)

diff --git a/backend.php b/backend.php
index 74cc9730..430086bf 100644
--- a/backend.php
+++ b/backend.php
@@ -3946,6 +3946,7 @@
 
 	if ($op == "digestTest") {
 		header("Content-Type: text/plain");
+
 		echo prepare_headlines_digest($link, $_SESSION["uid"]);
 		$print_exec_time = false;
 
diff --git a/functions.php b/functions.php
index 7ec46f09..3dbe0f84 100644
--- a/functions.php
+++ b/functions.php
@@ -2398,6 +2398,7 @@
 			WHERE 
 				ref_id = ttrss_entries.id AND feed_id = ttrss_feeds.id 
 				AND $interval_query
+				AND ttrss_user_entries.owner_uid = $user_id
 				AND unread = true ORDER BY ttrss_feeds.title, date_entered DESC
 			LIMIT $limit");
 
-- 
2.39.2