From 810205625b8afb7e08b2829723426f021e0a5c1b Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 4 Apr 2013 12:55:15 +0400 Subject: [PATCH] session validation: check for tt-rss version --- include/functions.php | 1 + include/sessions.php | 3 +++ 2 files changed, 4 insertions(+) diff --git a/include/functions.php b/include/functions.php index 02cefd4d8..71fd16542 100644 --- a/include/functions.php +++ b/include/functions.php @@ -630,6 +630,7 @@ @session_start(); $_SESSION["uid"] = $user_id; + $_SESSION["version"] = VERSION; $result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users WHERE id = '$user_id'"); diff --git a/include/sessions.php b/include/sessions.php index 15178915a..0edda4ec7 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -5,6 +5,7 @@ require_once "db.php"; require_once "lib/accept-to-gettext.php"; require_once "lib/gettext/gettext.inc"; + require_once "version.php"; $session_expire = max(SESSION_COOKIE_LIFETIME, 86400); $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME; @@ -38,6 +39,8 @@ if (SINGLE_USER_MODE) return true; if (!$link) return false; + if (VERSION != $_SESSION["version"]) return false; + $check_ip = $_SESSION['ip_address']; switch (SESSION_CHECK_ADDRESS) {
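Review bot: The added line `$_SESSION["version"] = VERSION;` in include/functions.php depends on `VERSION` being defined, but this commit adds `require_once "version.php";` only to include/sessions.php. Whether functions.php already loads version.php is not visible in this hunk. If it does not, older PHP stores the literal string "VERSION" with a notice and PHP 8 throws an Error, so the later comparison in sessions.php would reject every freshly created session. Confirm the include order, or add the same `require_once "version.php";` to functions.php. A short comment such as `// bind the session to the running tt-rss version so it is rejected after an upgrade` would also record why the value is stored; the enclosing function starts and ends outside the hunk.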
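Review bot: The new check `if (VERSION != $_SESSION["version"]) return false;` in include/sessions.php reads `$_SESSION["version"]` without testing that the key exists, and it compares loosely. Sessions created before this change have no such key, so the read raises an undefined-index notice before the session is rejected. `!=` also compares two numeric-looking strings as numbers, so constructed values like "1.10" and "1.1" would count as the same version; whether `VERSION` can take that form is not visible here. Suggest `if (!isset($_SESSION["version"]) || VERSION !== $_SESSION["version"]) return false;`, which keeps the rejection of old sessions but makes it explicit. The enclosing validation function starts and ends outside the hunk.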