diff options
author | Alessandro Cosentino <cosenal@gmail.com> | 2012-08-12 21:27:16 -0400 |
---|---|---|
committer | Alessandro Cosentino <cosenal@gmail.com> | 2012-08-12 21:27:16 -0400 |
commit | 8aa247ca730a16c837859b644b0e2998d41885ac (patch) | |
tree | 5310819ac81ce4e4ca7502f4b43151eec3295174 /lib/feedmapper.php | |
parent | 90fb216e7dd61c9571d225aa7c5c834c654d9cef (diff) |
checks userid before deleting
Diffstat (limited to 'lib/feedmapper.php')
-rw-r--r-- | lib/feedmapper.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/feedmapper.php b/lib/feedmapper.php index df310730d..596858538 100644 --- a/lib/feedmapper.php +++ b/lib/feedmapper.php @@ -211,9 +211,9 @@ class FeedMapper { if ($id == null) { return false; } - $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?'); + $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?'); - $result = $stmt->execute(array($id)); + $result = $stmt->execute(array($id, $this->userid)); $itemMapper = new ItemMapper(); //TODO: handle the value that the execute returns @@ -231,9 +231,9 @@ class FeedMapper { return false; } - $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ?'); + $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ? AND user_id = ?'); - $result = $stmt->execute(array($folderid)); + $result = $stmt->execute(array($folderid, $this->userid)); while ($row = $result->fetchRow()) { if(!self::deleteById($row['id'])) return false; |