From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Thu, 4 Apr 2013 08:55:15 +0000 (+0400)
Subject: session validation: check for tt-rss version
X-Git-Tag: 1.7.9~82^2
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=810205625b8afb7e08b2829723426f021e0a5c1b;p=tt-rss.git

session validation: check for tt-rss version
---

diff --git a/include/functions.php b/include/functions.php
index 02cefd4d..71fd1654 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -630,6 +630,7 @@
 				@session_start();
 
 				$_SESSION["uid"] = $user_id;
+				$_SESSION["version"] = VERSION;
 
 				$result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users
 					WHERE id = '$user_id'");
diff --git a/include/sessions.php b/include/sessions.php
index 15178915..0edda4ec 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -5,6 +5,7 @@
 	require_once "db.php";
 	require_once "lib/accept-to-gettext.php";
 	require_once "lib/gettext/gettext.inc";
+	require_once "version.php";
 
 	$session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
 	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
@@ -38,6 +39,8 @@
 		if (SINGLE_USER_MODE) return true;
 		if (!$link) return false;
 
+		if (VERSION != $_SESSION["version"]) return false;
+
 		$check_ip = $_SESSION['ip_address'];
 
 		switch (SESSION_CHECK_ADDRESS) {