From 60cf5ea297a17db861e73cd65d7b7862bd6bcc24 Mon Sep 17 00:00:00 2001
From: Inverle <inverle@proton.me>
Date: Thu, 4 Dec 2025 08:46:11 +0100
Subject: Improve anonymous authentication logic (#8165)

* Improve anonymous authentication logic

* forgot to git add

* Fix incorrect token check

Because an empty parameter could be just passed if token for the user wasn't set: `&token=`
---
 app/layout/layout.phtml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'app/layout')

diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml
index fc6675a40..aa89cac96 100644
--- a/app/layout/layout.phtml
+++ b/app/layout/layout.phtml
@@ -53,8 +53,10 @@
 	if ($this->rss_title != '') {
 		$url_rss = $url_base;
 		$url_rss['a'] = 'rss';
-		$url_rss['params']['user'] = Minz_User::name() ?? '';
-		$url_rss['params']['token'] = FreshRSS_Context::userConf()->token;
+		if (FreshRSS_Auth::hasAccess()) {
+			$url_rss['params']['user'] = Minz_User::name() ?? '';
+			$url_rss['params']['token'] = FreshRSS_Context::userConf()->token;
+		}
 		unset($url_rss['params']['rid']);
 		if (FreshRSS_Context::userConf()->since_hours_posts_per_rss) {
 			$url_rss['params']['hours'] = FreshRSS_Context::userConf()->since_hours_posts_per_rss;
@@ -64,8 +66,10 @@
 <?php } if (FreshRSS_Context::isAll() || FreshRSS_Context::isAllAndCategories() || FreshRSS_Context::isAllAndArchived() || FreshRSS_Context::isCategory() || FreshRSS_Context::isFeed()) {
 		$opml_rss = $url_base;
 		$opml_rss['a'] = 'opml';
-		$opml_rss['params']['user'] = Minz_User::name() ?? '';
-		$opml_rss['params']['token'] = FreshRSS_Context::userConf()->token;
+		if (FreshRSS_Auth::hasAccess()) {
+			$opml_rss['params']['user'] = Minz_User::name() ?? '';
+			$opml_rss['params']['token'] = FreshRSS_Context::userConf()->token;
+		}
 		unset($opml_rss['params']['rid']);
 ?>
 		<link rel="outline" type="text/x-opml" title="OPML" href="<?= Minz_Url::display($opml_rss) ?>" />
-- 
cgit v1.2.3