2 files changed, 9 insertions, 2 deletions

diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index 264607216..7114fc196 100755
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -7,7 +7,9 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
 			$token_param = Minz_Request::param ('token', '');
 			$token_is_ok = ($token != '' && $token == $token_param);
 			$action = Minz_Request::actionName ();
-			if (!($token_is_ok && $action === 'actualize')) {
+			if (!(($token_is_ok || Minz_Configuration::allowAnonymousRefresh()) &&
+				$action === 'actualize')
+			) {
 				Minz_Error::error (
 					403,
 					array ('error' => array (Minz_Translate::t ('access_denied')))
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index 8314b75fc..bb4f34c5e 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@@ -54,11 +54,16 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 
 				$anon = Minz_Request::param('anon_access', false);
 				$anon = ((bool)$anon) && ($anon !== 'no');
+				$anon_refresh = Minz_Request::param('anon_refresh', false);
+				$anon_refresh = ((bool)$anon_refresh) && ($anon_refresh !== 'no');
 				$auth_type = Minz_Request::param('auth_type', 'none');
 				if ($anon != Minz_Configuration::allowAnonymous() ||
-					$auth_type != Minz_Configuration::authType()) {
+					$auth_type != Minz_Configuration::authType() ||
+					$anon_refresh != Minz_Configuration::allowAnonymousRefresh()) {
+
 					Minz_Configuration::_authType($auth_type);
 					Minz_Configuration::_allowAnonymous($anon);
+					Minz_Configuration::_allowAnonymousRefresh($anon_refresh);
 					$ok &= Minz_Configuration::writeFile();
 				}
 			}