public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 20:35:55 +00:00
Code Issues Releases Wiki Activity

validate_session: check for user agent

Browse Source
This commit is contained in:
Andrew Dolgov
2013-04-01 18:22:07 +04:00
parent 5203901036
commit 837ec70e3e
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/sessions.php
View File

@@ -57,6 +57,9 @@
if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true))
return false;
if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
return false;
if ($_SESSION["uid"]) {
$result = db_query($link,
"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");