# HG changeset patch
# User Dan
# Date 1204864288 18000
# Node ID 7134d4bf7a23a0c84b257fb30f47383bf8f0a013
# Parent  340c81fdd350345ea0b702fbfe059f006cb0bc4b
[Security] made session manager have some degree of IP validation for session keys and upgrades

diff -r 340c81fdd350 -r 7134d4bf7a23 includes/sessions.php
--- a/includes/sessions.php	Thu Mar 06 23:27:50 2008 -0500
+++ b/includes/sessions.php	Thu Mar 06 23:31:28 2008 -0500
@@ -1272,7 +1272,7 @@
       $fail = true;
       if ( defined('IN_ENANO_UPGRADE') )
       {
-        if ( installer_enano_version() == '1.1.3' )
+        if ( installer_enano_version() == '1.1.3' && substr($ip, 0, 10) == substr($row['source_ip'], 0, 10) )
           $fail = false;
       }
       // Failed IP address check