X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fhandler%2Fpublic.php;h=7cce7d71b061d24f5bf1f93093b9b5173456e354;hb=65e98f40867862eb345676e23b633b9f52109d30;hp=8440bc3551647e702b0f9827a2301c3e5538598a;hpb=f830f853a919c458d06bdc6ce292b8ae73a801f3;p=tt-rss.git

diff --git a/classes/handler/public.php b/classes/handler/public.php
old mode 100644
new mode 100755
index 8440bc35..7cce7d71
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -476,8 +476,6 @@ class Handler_Public extends Handler {
 				session_set_cookie_params(0);
 			}
 
-			@session_start();
-
 			if (authenticate_user($login, $password)) {
 				$_POST["password"] = "";
 
@@ -501,6 +499,10 @@ class Handler_Public extends Handler {
 					}
 				}
 			} else {
+
+				// start an empty session to deliver login error message
+				@session_start();
+
 				$_SESSION["login_error_msg"] = __("Incorrect username or password");
 				user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
 			}
@@ -934,17 +936,17 @@ class Handler_Public extends Handler {
 	}
 
 	function cached_url() {
-		@$hash = basename($_GET['hash']);
+		@$req_filename = basename($_GET['hash']);
 
 		// we don't need an extension to find the file, hash is a complete URL
-		$hash = preg_replace("/\.[^\.]*$/", "", $hash);
+		$hash = preg_replace("/\.[^\.]*$/", "", $req_filename);
 
 		if ($hash) {
 
 			$filename = CACHE_DIR . '/images/' . $hash;
 
 			if (file_exists($filename)) {
-				header("Content-Disposition: inline; filename=\"$hash\"");
+				header("Content-Disposition: inline; filename=\"$req_filename\"");
 
 				send_local_file($filename);