Prevents disabled users from accessing hash-protected resources (currently RSS feeds...

author Vincent Zanotti <vincent.zanotti@polytechnique.org>

Sat, 22 Mar 2008 18:58:41 +0000 (19:58 +0100)

committer Vincent Zanotti <vincent.zanotti@polytechnique.org>

Sat, 22 Mar 2008 18:58:41 +0000 (19:58 +0100)
author Vincent Zanotti <vincent.zanotti@polytechnique.org>
Sat, 22 Mar 2008 18:58:41 +0000 (19:58 +0100)
committer Vincent Zanotti <vincent.zanotti@polytechnique.org>
Sat, 22 Mar 2008 18:58:41 +0000 (19:58 +0100)
diff --git a/include/rss.inc.php b/include/rss.inc.php

index 9dc4f86..89d63ca 100644 (file)
--- a/include/rss.inc.php
+++ b/include/rss.inc.php
@@ -37,7 +37,8 @@ function init_rss($template, $alias, $hash, $require_uid = true)
      $res = XDB::query(
          'SELECT  a.id
             FROM  aliases         AS a
-     INNER JOIN  auth_user_quick AS q ON ( a.id = q.user_id AND q.core_rss_hash = {?} )
+     INNER JOIN  auth_user_md5   AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+     INNER JOIN  auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
            WHERE  a.alias = {?} AND a.type != "homonyme"', $hash, $alias);
      $uid = $res->fetchOneCell();
author	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Sat, 22 Mar 2008 18:58:41 +0000 (19:58 +0100)
committer	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Sat, 22 Mar 2008 18:58:41 +0000 (19:58 +0100)