checks userid before deleting

author: Alessandro Cosentino <cosenal@gmail.com> 2012-08-12 21:27:16 -0400
committer: Alessandro Cosentino <cosenal@gmail.com> 2012-08-12 21:27:16 -0400
commit: 8aa247ca730a16c837859b644b0e2998d41885ac (patch)
tree: 5310819ac81ce4e4ca7502f4b43151eec3295174 /lib/feedmapper.php
parent: 90fb216e7dd61c9571d225aa7c5c834c654d9cef (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/feedmapper.php b/lib/feedmapper.php
index df310730d..596858538 100644
--- a/lib/feedmapper.php
+++ b/lib/feedmapper.php
@@ -211,9 +211,9 @@ class FeedMapper {
 		if ($id == null) {
 			return false;
 		}
-		$stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?');
+		$stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?');
 
-		$result = $stmt->execute(array($id));
+		$result = $stmt->execute(array($id, $this->userid));
 
 		$itemMapper = new ItemMapper();
 		//TODO: handle the value that the execute returns
@@ -231,9 +231,9 @@ class FeedMapper {
 			return false;
 		}
 
-		$stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ?');
+		$stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ? AND user_id = ?');
 
-		$result = $stmt->execute(array($folderid));
+		$result = $stmt->execute(array($folderid, $this->userid));
 		while ($row = $result->fetchRow()) {
 			if(!self::deleteById($row['id']))
 				return false;
author	Alessandro Cosentino <cosenal@gmail.com>	2012-08-12 21:27:16 -0400
committer	Alessandro Cosentino <cosenal@gmail.com>	2012-08-12 21:27:16 -0400
commit	8aa247ca730a16c837859b644b0e2998d41885ac (patch)
tree	5310819ac81ce4e4ca7502f4b43151eec3295174 /lib/feedmapper.php
parent	90fb216e7dd61c9571d225aa7c5c834c654d9cef (diff)