X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=include%2Ffunctions.php;h=5588590a85c2ab8a99268af9db4d20fef498d308;hb=f730d7bb0ac691153eacd80844bb530dca04e3cc;hp=453f329b4bc3b3b2f47feb50dec95b8543d5cb1c;hpb=1da0818188722cb21ccc2cbccac8d9ceeb470187;p=tt-rss.git
diff --git a/include/functions.php b/include/functions.php
index 453f329b..5588590a 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -700,22 +700,33 @@
 if (!SINGLE_USER_MODE) {
 $user_id = false;
+ $auth_module = false;
 foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) {
 $user_id = (int) $plugin->authenticate($login, $password);
 if ($user_id) {
- $_SESSION["auth_module"] = strtolower(get_class($plugin));
+ $auth_module = strtolower(get_class($plugin));
 break;
 }
 }
 if ($user_id && !$check_only) {
- @session_start();
+
+ /* if a session is started here there's a stale login cookie we need to clean */
+
+ if (session_status() != PHP_SESSION_NONE) {
+ $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+ return false;
+ }
+
+ session_regenerate_id(true);
+ session_start();
 $_SESSION["uid"] = $user_id;
 $_SESSION["version"] = VERSION_STATIC;
+ $_SESSION["auth_module"] = $auth_module;
 $pdo = DB::pdo();
 $sth = $pdo->prepare("SELECT login,access_level,pwd_hash FROM ttrss_users
@@ -811,10 +822,11 @@
 }
 function logout_user() {
- session_destroy();
+ @session_destroy();
 if (isset($_COOKIE[session_name()])) {
 setcookie(session_name(), '', time()-42000, '/');
 }
+ session_commit();
 }
 function validate_csrf($csrf_token) {
@@ -856,8 +868,7 @@
 }
 if (!$_SESSION["uid"]) {
- @session_destroy();
- setcookie(session_name(), '', time()-42000, '/');
+ logout_user();
 render_login_form();
 exit;
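Review bot: In the `@@ -700,22 +700,33 @@` hunk, `session_regenerate_id(true)` is called before `session_start()`, on the branch where `session_status()` has just been found to be `PHP_SESSION_NONE`; PHP only regenerates the id of an active session, so the call returns false and the following `session_start()` adopts whatever session id the client's cookie supplies. The login therefore gets no fresh identifier, and the session-fixation protection this change aims for is not in effect unless `session.use_strict_mode` rejects unknown ids. Swap the two calls: `session_start();` then `session_regenerate_id(true);`. The `!= PHP_SESSION_NONE` test also matches `PHP_SESSION_DISABLED`, where the `$_SESSION["login_error_msg"]` write is not persisted; comparing against `PHP_SESSION_ACTIVE` would say what the comment means. The enclosing function starts and ends outside the hunk.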
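Review bot: In the `@@ -811,10 +822,11 @@` hunk, `logout_user()` destroys the session storage but leaves the `$_SESSION` array populated for the rest of the request, and the added `@` hides the case where there was no active session to destroy. Now that the `@@ -856,8 +868,7 @@` hunk routes the missing-uid path through this function before `render_login_form()`, clearing the array explicitly is worth adding: `$_SESSION = [];` ahead of the destroy, with `if (session_status() === PHP_SESSION_ACTIVE) session_destroy();` in place of the suppression. The added `session_commit()` appears to run after the session is already closed, so a comment saying why it is needed would help the next reader. The cookie is expired with a fixed path of `/`; if the session cookie is issued with other parameters (not visible here), `session_get_cookie_params()` should supply the path and domain.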
@@ -1682,22 +1693,32 @@
 }
 }
 }
+ }
+
+ if ($entry->hasAttribute('src') &&
+ ($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"]) {
+
+ $p = $doc->createElement('p');
+
+ $a = $doc->createElement('a');
+ $a->setAttribute('href', $entry->getAttribute('src'));
+
+ $a->appendChild(new DOMText($entry->getAttribute('src')));
+ $a->setAttribute('target', '_blank');
+ $a->setAttribute('rel', 'noopener noreferrer');
- if (($owner && get_pref("STRIP_IMAGES", $owner)) ||
- $force_remove_images || $_SESSION["bw_limit"]) {
+ $p->appendChild($a);
- $p = $doc->createElement('p');
+ if ($entry->nodeName == 'source') {
- $a = $doc->createElement('a');
- $a->setAttribute('href', $entry->getAttribute('src'));
+ if ($entry->parentNode && $entry->parentNode->parentNode)
+ $entry->parentNode->parentNode->replaceChild($p, $entry->parentNode);
- $a->appendChild(new DOMText($entry->getAttribute('src')));
- $a->setAttribute('target', '_blank');
- $a->setAttribute('rel', 'noopener noreferrer');
+ } else if ($entry->nodeName == 'img') {
- $p->appendChild($a);
+ if ($entry->parentNode)
+ $entry->parentNode->replaceChild($p, $entry);
- $entry->parentNode->replaceChild($p, $entry);
 }
 }
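Review bot: The rewritten condition in the `@@ -1682,22 +1693,32 @@` hunk lacks a pair of parentheses: `&&` binds tighter than `||`, so `$entry->hasAttribute('src')` guards only the `STRIP_IMAGES` alternative, and with `$force_remove_images` or `$_SESSION["bw_limit"]` set an element without `src` still enters the block and yields a link with an empty `href`. Group the alternatives: `if ($entry->hasAttribute('src') && (($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"])) {`. The block also copies `src` into a clickable `href` unchanged; unless the URL scheme is restricted earlier in the function (outside this hunk), checking it for `http`/`https` before building the link would be prudent. The two inner `if`s have no braces, which is easy to break on a later edit.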