Merge branch 'bugfix/limit-more-by-uid' into 'master'
Filter more results by user ID. See merge request tt-rss/tt-rss!181
This commit is contained in:
Andrew Dolgov
@@ -657,8 +657,10 @@ class Article extends Handler_Protected {
|
||||
|
||||
$entries = ORM::for_table('ttrss_entries')
|
||||
->table_alias('e')
|
||||
->join('ttrss_user_entries', ['ref_id', '=', 'id'], 'ue')
|
||||
->where_in('id', $article_ids)
|
||||
->select('ue.label_cache')
|
||||
->join('ttrss_user_entries', ['ue.ref_id', '=', 'e.id'], 'ue')
|
||||
->where_in('e.id', $article_ids)
|
||||
->where('ue.owner_uid', $_SESSION['uid'])
|
||||
->find_many();
|
||||
|
||||
$rv = [];
|
||||
@@ -687,8 +689,10 @@ class Article extends Handler_Protected {
|
||||
|
||||
$entries = ORM::for_table('ttrss_entries')
|
||||
->table_alias('e')
|
||||
->join('ttrss_user_entries', ['ref_id', '=', 'id'], 'ue')
|
||||
->where_in('id', $article_ids)
|
||||
->select('ue.feed_id')
|
||||
->join('ttrss_user_entries', ['ue.ref_id', '=', 'e.id'], 'ue')
|
||||
->where_in('e.id', $article_ids)
|
||||
->where('ue.owner_uid', $_SESSION['uid'])
|
||||
->find_many();
|
||||
|
||||
$rv = [];
|
||||
|
||||
@@ -580,6 +580,7 @@ class Feeds extends Handler_Protected {
|
||||
|
||||
function opensite(): void {
|
||||
$feed = ORM::for_table('ttrss_feeds')
|
||||
->where('owner_uid', $_SESSION['uid'])
|
||||
->find_one((int)$_REQUEST['feed_id']);
|
||||
|
||||
if ($feed) {
|
||||
@@ -1198,25 +1199,21 @@ class Feeds extends Handler_Protected {
|
||||
|
||||
$label_id = Labels::feed_to_label_id($id);
|
||||
|
||||
$sth = $pdo->prepare("SELECT caption FROM ttrss_labels2 WHERE id = ?");
|
||||
$sth->execute([$label_id]);
|
||||
$label = ORM::for_table('ttrss_labels2')
|
||||
->select('caption')
|
||||
->where('owner_uid', $_SESSION['uid'])
|
||||
->find_one($label_id);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
return $row["caption"];
|
||||
} else {
|
||||
return "Unknown label ($label_id)";
|
||||
}
|
||||
return $label ? $label->caption : "Unknown label ($label_id)";
|
||||
|
||||
} else if (is_numeric($id) && $id > 0) {
|
||||
|
||||
$sth = $pdo->prepare("SELECT title FROM ttrss_feeds WHERE id = ?");
|
||||
$sth->execute([$id]);
|
||||
$feed = ORM::for_table('ttrss_feeds')
|
||||
->select('title')
|
||||
->where('owner_uid', $_SESSION['uid'])
|
||||
->find_one($id);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
return $row["title"];
|
||||
} else {
|
||||
return "Unknown feed ($id)";
|
||||
}
|
||||
return $feed ? $feed->title : "Unknown feed ($id)";
|
||||
|
||||
} else {
|
||||
return "$id";
|
||||
@@ -1358,6 +1355,7 @@ class Feeds extends Handler_Protected {
|
||||
return __("Labels");
|
||||
default:
|
||||
$cat = ORM::for_table('ttrss_feed_categories')
|
||||
->where('owner_uid', $_SESSION['uid'])
|
||||
->find_one($cat_id);
|
||||
|
||||
if ($cat) {
|
||||
|
||||
@@ -871,6 +871,15 @@ class Pref_Filters extends Handler_Protected {
|
||||
/** @var array<int, int> */
|
||||
$ids = array_map("intval", explode(",", clean($_REQUEST["ids"])));
|
||||
|
||||
// fail early if any provided filter IDs aren't owned by the current user
|
||||
$unowned_filter_count = ORM::for_table('ttrss_filters2')
|
||||
->where_in('id', $ids)
|
||||
->where_not_equal('owner_uid', $_SESSION['uid'])
|
||||
->count();
|
||||
|
||||
if ($unowned_filter_count)
|
||||
return;
|
||||
|
||||
if (count($ids) > 1) {
|
||||
$base_id = array_shift($ids);
|
||||
$ids_qmarks = arr_qmarks($ids);
|
||||
|
||||
Reference in New Issue
Block a user