]> git.wh0rd.org - tt-rss.git/commitdiff
git.wh0rd.org / tt-rss.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9fb91a2)
session validation: check for tt-rss version
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Thu, 4 Apr 2013 08:55:15 +0000 (12:55 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Thu, 4 Apr 2013 08:55:15 +0000 (12:55 +0400)
include/functions.php patch | blob | blame | history
include/sessions.php patch | blob | blame | history

diff --git a/include/functions.php b/include/functions.php
index 02cefd4d892ac7713d89c2625f9d7867cd138fd5..71fd165428a7e978cfe9a5aae8c222c9774f7291 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -630,6 +630,7 @@
                                @session_start();
 
                                $_SESSION["uid"] = $user_id;
+                               $_SESSION["version"] = VERSION;
 
                                $result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users
                                        WHERE id = '$user_id'");
diff --git a/include/sessions.php b/include/sessions.php
index 15178915a8934bf10170c9144797a1dce708c988..0edda4ec7d55ae6d556b7bf020fc55388166d6fd 100644 (file)
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -5,6 +5,7 @@
        require_once "db.php";
        require_once "lib/accept-to-gettext.php";
        require_once "lib/gettext/gettext.inc";
+       require_once "version.php";
 
        $session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
        $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
@@ -38,6 +39,8 @@
                if (SINGLE_USER_MODE) return true;
                if (!$link) return false;
 
+               if (VERSION != $_SESSION["version"]) return false;
+
                $check_ip = $_SESSION['ip_address'];
 
                switch (SESSION_CHECK_ADDRESS) {
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/