From 25545c06b25644a093f442b42bd97bab627aa3e5 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Wed, 9 Dec 2009 21:33:25 +0000
Subject: [PATCH] Let's add some more checks. #54295

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10308 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/feed.php | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/phpBB/feed.php b/phpBB/feed.php
index ef1bfd48d1..d658e2993b 100644
--- a/phpBB/feed.php
+++ b/phpBB/feed.php
@@ -66,10 +66,7 @@ if ($feed === false)
 }

 // Open Feed
-if ($feed->open() === false)
-{
- trigger_error('NO_FEED');
-}
+$feed->open();

 // Iterate through items
 while ($row = $feed->get_item())
@@ -480,25 +477,33 @@ class phpbb_feed

 function open()
 {
- global $db, $user;
+ global $auth, $db, $user;

 if ($this->topic_id)
 {
- $sql = 'SELECT topic_title
+ // Topic feed
+ $sql = 'SELECT forum_id
 FROM ' . TOPICS_TABLE . '
 WHERE topic_id = ' . $this->topic_id;
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
+ $this->forum_id = (int) $row['forum_id'];
 $db->sql_freeresult($result);

 if (empty($row))
 {
- return false;
+ trigger_error('NO_TOPIC');
+ }
+
+ if (!$auth->acl_get('f_read', $this->forum_id))
+ {
+ trigger_error('SORRY_AUTH_READ');
 }
 }
 else if ($this->forum_id)
 {
- $sql = 'SELECT forum_name
+ // Forum feed
+ $sql = 'SELECT forum_id
 FROM ' . FORUMS_TABLE . '
 WHERE forum_id = ' . $this->forum_id;
 $result = $db->sql_query($sql);
@@ -507,7 +512,12 @@ class phpbb_feed

 if (empty($row))
 {
- return false;
+ trigger_error('NO_FORUM');
+ }
+
+ if (!$auth->acl_get('f_read', $this->forum_id))
+ {
+ trigger_error('SORRY_AUTH_READ');
 }
 }
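Review bot: In the topic branch of open(), the added `$this->forum_id = (int) $row['forum_id'];` runs before the `empty($row)` test, so when no row comes back it indexes a non-array and sets forum_id to 0 before NO_TOPIC is raised; move the assignment below the `if (empty($row))` block so it only runs on a row that exists. The new `$auth->acl_get('f_read', $this->forum_id)` gate, here and in the forum branch of the following hunk, checks the read permission only. Whether password-protected forums and unapproved topics are filtered elsewhere is not visible in these hunks and should be confirmed before this is treated as the feed's complete access check. A comment above the check such as `// feed.php does not go through viewforum/viewtopic, so their access rules must be repeated here` would record that intent. The body of open() continues past the end of both hunks.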