From 837ec70e3ee4378f4d7a0a616ad0f291b311152a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 1 Apr 2013 18:22:07 +0400
Subject: validate_session: check for user agent

---
 include/sessions.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'include/sessions.php')

diff --git a/include/sessions.php b/include/sessions.php
index 81a5a7383..778d00e3a 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -57,6 +57,9 @@
 		if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true))
 			return false;
 
+		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
+			return false;
+
 		if ($_SESSION["uid"]) {
 			$result = db_query($link,
 				"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
-- 
cgit v1.2.3