mirror of
https://github.com/viq/NewsBlur.git
synced 2025-08-05 16:49:45 +00:00
Merge pull request #1817 from aladh/patch-1
Prevent unauthorized access to feeds with a single subscriber
This commit is contained in:
Samuel Clay
GitHub
commit
67b1041401
1 changed files with 4 additions and 0 deletions
|
|
@ -672,6 +672,10 @@ def load_single_feed(request, feed_id):
|
||||||
# User must be subscribed to a newsletter in order to read it
|
# User must be subscribed to a newsletter in order to read it
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
|
if feed.num_subscribers = 1 and not usersub:
|
||||||
|
# This feed could be private so user must be subscribed in order to read it
|
||||||
|
raise Http404
|
||||||
|
|
||||||
if page > 400:
|
if page > 400:
|
||||||
logging.user(request, "~BR~FK~SBOver page 400 on single feed: %s" % page)
|
logging.user(request, "~BR~FK~SBOver page 400 on single feed: %s" % page)
|
||||||
assert False
|
assert False
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue