From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 20 Jul 2016 10:55:51 +0000 (+0300)
Subject: api host: add session validation
X-Git-Tag: 16.8~17
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=4afcf635635c548bbad0a27b7c9c7d2b3804fc61;p=tt-rss.git

api host: add session validation
---

diff --git a/api/index.php b/api/index.php
index b02a5d67..d451a3ac 100644
--- a/api/index.php
+++ b/api/index.php
@@ -58,6 +58,16 @@
 	if (!init_plugins()) return;
 
 	if ($_SESSION["uid"]) {
+		if (!validate_session()) {
+			header("Content-Type: text/json");
+
+			print json_encode(array("seq" => -1,
+				"status" => 1,
+				"content" => array("error" => "NOT_LOGGED_IN")));
+
+			return;
+		}
+
 		load_user_plugins( $_SESSION["uid"]);
 	}