Mercurial Mercurial > repos > enano-1.1 / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[Security] made session manager have some degree of IP validation for session keys and upgrades
authorDan
Thu, 06 Mar 2008 23:31:28 -0500
changeset 485 7134d4bf7a23
parent 484 340c81fdd350
child 486 600a92aa34c7
[Security] made session manager have some degree of IP validation for session keys and upgrades
includes/sessions.php file | annotate | diff | comparison | revisions 
--- a/includes/sessions.php	Thu Mar 06 23:27:50 2008 -0500
+++ b/includes/sessions.php	Thu Mar 06 23:31:28 2008 -0500
@@ -1272,7 +1272,7 @@
       $fail = true;
       if ( defined('IN_ENANO_UPGRADE') )
       {
-        if ( installer_enano_version() == '1.1.3' )
+        if ( installer_enano_version() == '1.1.3' && substr($ip, 0, 10) == substr($row['source_ip'], 0, 10) )
           $fail = false;
       }
       // Failed IP address check
Enano CMS (1.1.x)