From 8aa247ca730a16c837859b644b0e2998d41885ac Mon Sep 17 00:00:00 2001
From: Alessandro Cosentino
Date: Sun, 12 Aug 2012 21:27:16 -0400
Subject: checks userid before deleting
---
 lib/feedmapper.php | 8 ++++----
 lib/foldermapper.php | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
(limited to 'lib')
diff --git a/lib/feedmapper.php b/lib/feedmapper.php
index df310730d..596858538 100644
--- a/lib/feedmapper.php
+++ b/lib/feedmapper.php
@@ -211,9 +211,9 @@ class FeedMapper {
 if ($id == null) { return false; }
- $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?');
+ $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?');
- $result = $stmt->execute(array($id));
+ $result = $stmt->execute(array($id, $this->userid));
 $itemMapper = new ItemMapper(); //TODO: handle the value that the execute returns
@@ -231,9 +231,9 @@ class FeedMapper {
 return false; }
- $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ?');
+ $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ? AND user_id = ?');
- $result = $stmt->execute(array($folderid));
+ $result = $stmt->execute(array($folderid, $this->userid));
 while ($row = $result->fetchRow()) { if(!self::deleteById($row['id'])) return false;
diff --git a/lib/foldermapper.php b/lib/foldermapper.php
index 7fb8aa9af..33a14a0c4 100644
--- a/lib/foldermapper.php
+++ b/lib/foldermapper.php
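Review bot: The ownership check added to the `DELETE` in `FeedMapper::deleteById` does not gate what follows it: the result of `execute()` is still unhandled (the `//TODO` line), and `new ItemMapper()` is built without a user id, unlike `new FeedMapper($this->userid)` in lib/foldermapper.php. The rest of the method is outside the hunk, but if it removes items by feed id, a call with a feed id owned by someone else would leave the feed row in place while its items are still removed. Confirm that a row with this `id` and `user_id` exists before any dependent cleanup and return false otherwise, for example with a `SELECT id ... WHERE id = ? AND user_id = ?` ahead of the delete. A short comment above the statement saying that `user_id` is the authorization check would also keep it from being dropped in a later refactor.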
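Review bot: `FeedMapper::deleteAll` still calls `self::deleteById($row['id'])` in its loop although `deleteById` now reads `$this->userid`; `$this->deleteById($row['id'])` would make the dependency on instance state explicit. The same static-style call sits in the child-folder loop of `FolderMapper::deleteById` in lib/foldermapper.php. Both method signatures are outside the hunks, so it is worth confirming that neither is declared `static`, since `$this` would then be unavailable and the new `user_id` binding would fail.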
@@ -138,17 +138,17 @@ class FolderMapper {
 } // delete child folders
- $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName .' WHERE parent_id = ?');
- $result = $stmt->execute(array($folderid));
+ $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName .' WHERE parent_id = ? AND user_id = ?');
+ $result = $stmt->execute(array($folderid, $this->userid));
 while ($row = $result->fetchRow()) { if (!self::deleteById($row['id'])) return false; }
- $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?');
- $result = $stmt->execute(array($folderid));
+ $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?');
+ $result = $stmt->execute(array($folderid, $this->userid));
- $feedMapper = new FeedMapper();
+ $feedMapper = new FeedMapper($this->userid);
 //TODO: handle the value that the execute returns
 if(!$feedMapper->deleteAll($folderid)) return false;
-- cgit v1.2.3
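Review bot: The folder row is deleted before its feeds, so when `$feedMapper->deleteAll($folderid)` returns false the method reports failure with the folder (and any child folders already removed by the loop) gone and the feeds still carrying that `folder_id`. Calling `deleteAll($folderid)` ahead of the folder `DELETE`, or running the whole sequence in one transaction, avoids that partial state. Separately, a `$folderid` the user does not own now matches no rows in any of the three statements; what the method returns in that case depends on code after the hunk, and a comment stating the intended return value would help callers tell "nothing deleted" from success.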