mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 05:15:55 +00:00

sessions: stop validating against hash of user agent because chromium is sending

different agent headers for whatever reason, example:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36

seems to be related, at least, to App.postOpenWindow() hack.
Andrew Dolgov
2021-03-05 12:27:23 +03:00
parent 98c75a9e43
commit fe06416f17
2 changed files with 2 additions and 20 deletions


@@ -22,35 +22,18 @@
function validate_session() {
if (\Config::get(\Config::SINGLE_USER_MODE)) return true;
/* if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != \Config::get_schema_version()) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (schema version changed)");
return false;
} */
$pdo = \Db::pdo();
if (!empty($_SESSION["uid"])) {
if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
$_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
return false;
}
$user = \ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
if ($user) {
if ($user->pwd_hash != $_SESSION["pwd_hash"]) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (password changed)");
$_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
return false;
}
} else {
$_SESSION["login_error_msg"] =
__("Session failed to validate (user not found)");
$_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
return false;
}
}
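Review bot: The remaining password-hash check, `if ($user->pwd_hash != $_SESSION["pwd_hash"])`, uses PHP's loose `!=`, which compares numeric-looking strings by value, so two different strings of the form `0e…` would count as equal; whether stored hashes can take that form is not visible here. With the user-agent comparison removed, this check and the user lookup are the only session validation left in the visible lines, so it is worth making the comparison exact: `if (!hash_equals((string) $user->pwd_hash, (string) ($_SESSION["pwd_hash"] ?? "")))`. The user agent was only a weak binding, so its removal mainly shifts the weight onto session-cookie attributes and session-id regeneration at login, neither of which is shown on this page. The body of validate_session() appears to continue past the end of the hunk, and `$pdo = \Db::pdo();` is not used in the visible lines, so confirm it is still needed.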