session_set_cookie_params(0);
}
- @session_start();
-
if (authenticate_user($login, $password)) {
$_POST["password"] = "";
}
}
} else {
+
+ // start an empty session to deliver login error message
+ @session_start();
+
$_SESSION["login_error_msg"] = __("Incorrect username or password");
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
}
}
function cached_url() {
- @$hash = basename($_GET['hash']);
+ @$req_filename = basename($_GET['hash']);
// we don't need an extension to find the file, hash is a complete URL
- $hash = preg_replace("/\.[^\.]*$/", "", $hash);
+ $hash = preg_replace("/\.[^\.]*$/", "", $req_filename);
if ($hash) {
$filename = CACHE_DIR . '/images/' . $hash;
if (file_exists($filename)) {
- header("Content-Disposition: inline; filename=\"$hash\"");
+ header("Content-Disposition: inline; filename=\"$req_filename\"");
send_local_file($filename);
git.wh0rd.org / tt-rss.git / blobdiff