mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-04 13:14:20 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add missing access checks for feed-related actions (#7768)

Browse Source 
* Add missing access checks for feed-related actions

* fix whitespace
This commit is contained in:
Inverle
2025-07-31 13:48:42 +02:00
committed by GitHub
parent 97f1bd2dcb
commit d0425f8c3a
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/Controllers/javascriptController.php
View File

@@ -19,6 +19,14 @@ class FreshRSS_javascript_Controller extends FreshRSS_ActionController {
}
public function actualizeAction(): void {
if (!FreshRSS_Auth::hasAccess() && !(
FreshRSS_Context::systemConf()->allow_anonymous
&& FreshRSS_Context::systemConf()->allow_anonymous_refresh
)) {
Minz_Error::error(403);
return;
}
header('Content-Type: application/json; charset=UTF-8');
Minz_Session::_param('actualize_feeds', false);
@@ -34,6 +42,11 @@ class FreshRSS_javascript_Controller extends FreshRSS_ActionController {
}
public function nbUnreadsPerFeedAction(): void {
if (!FreshRSS_Auth::hasAccess() && !FreshRSS_Context::systemConf()->allow_anonymous) {
Minz_Error::error(403);
return;
}
header('Content-Type: application/json; charset=UTF-8');
$catDAO = FreshRSS_Factory::createCategoryDao();
$this->view->categories = $catDAO->listCategories(prePopulateFeeds: true, details: false);