mirror of
https://github.com/miniflux/v2.git
synced 2025-08-01 17:38:37 +00:00
Security fix: any user can delete any feed
Regression introduced in commit 51fb949.
This commit is contained in:
Frédéric Guillot
parent
fa49bcaf8b
commit
32439ca2f0
2 changed files with 7 additions and 1 deletions
|
|
@ -381,7 +381,7 @@ func (s *Storage) RemoveFeed(userID, feedID int64) error {
|
|||
}
|
||||
}
|
||||
|
||||
if _, err := s.db.Exec(`DELETE FROM feeds WHERE id=$1`, feedID); err != nil {
|
||||
if _, err := s.db.Exec(`DELETE FROM feeds WHERE id=$1 AND user_id=$2`, feedID, userID); err != nil {
|
||||
return fmt.Errorf(`store: unable to delete feed #%d: %v`, feedID, err)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue