From 54cbeeac3a2778738c2416054c5ecfee884b774e Mon Sep 17 00:00:00 2001
From: Alishan Ladhani <8869764+aladh@users.noreply.github.com>
Date: Sat, 2 Sep 2023 12:14:54 -0400
Subject: [PATCH] Prevent unauthorized access to feeds with a single subscriber

Fixes https://github.com/samuelclay/NewsBlur/issues/1793
---
 apps/reader/views.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/reader/views.py b/apps/reader/views.py
index 557c9e27d..030a5e3da 100644
--- a/apps/reader/views.py
+++ b/apps/reader/views.py
@@ -671,6 +671,10 @@ def load_single_feed(request, feed_id):
     if feed.is_newsletter and not usersub:
         # User must be subscribed to a newsletter in order to read it
         raise Http404
+
+    if feed.num_subscribers = 1 and not usersub:
+        # This feed could be private so user must be subscribed in order to read it
+        raise Http404
     
     if page > 400:
         logging.user(request, "~BR~FK~SBOver page 400 on single feed: %s" % page)