git.wh0rd.org - tt-rss.git/blobdiff - classes/feeds.php
feed debugger: only allow debugging users own feeds
index 30d26f361937aa4cb95defbcfd106977ff89a231..95987f7334d7c1a6f02a7c1a700de4f1f5c53f77 100755 (executable)
@@ -1195,6 +1195,14 @@ class Feeds extends Handler_Protected {
                @$do_update = $_REQUEST["action"] == "do_update";
                $csrf_token = $_REQUEST["csrf_token"];
 
+               $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ? AND owner_uid = ?");
+               $sth->execute([$feed_id, $_SESSION['uid']]);
+
+               if (!$sth->fetch()) {
+                   print "Access denied.";
+                   return;
+        }
+
                $refetch_checked = isset($_REQUEST["force_refetch"]) ? "checked" : "";
                $rehash_checked = isset($_REQUEST["force_rehash"]) ? "checked" : "";
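Review bot: The refusal branch (`print "Access denied."; return;`) replies with the default 200 status and records nothing, so neither a client nor someone reading the logs can tell a rejected request for another user's feed from a normal debugger page. I would set the status and log the attempt before printing, e.g. `http_response_code(403);` and `error_log("feed debugger: uid " . $_SESSION['uid'] . " denied for feed " . (int)$feed_id);`, provided no output has been sent earlier in the method, which starts and ends outside this hunk. Keeping one message for both missing and foreign feed ids is right, since it does not reveal which ids exist. The closing `}` of the new `if` is indented differently from its opening line and should be aligned with it.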