From 7ae65adfc5dc8254bb2749af1f4e0ccc418406ec Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 16 Mar 2006 11:57:22 +0100 Subject: [PATCH] prevent setting session cookie when user not logged in and tt-rss.php/prefs.php is requested --- functions.php | 11 +++++++++++ prefs.php | 5 ++++- tt-rss.php | 5 ++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/functions.php b/functions.php index a7a17f9b5..18546ca18 100644 --- a/functions.php +++ b/functions.php @@ -839,6 +839,17 @@ return true; } + function basic_nosid_redirect_check() { + if (!SINGLE_USER_MODE) { + if (!$_COOKIE["ttrss_sid"]) { + $redirect_uri = get_login_redirect(); + $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]); + header("Location: $redirect_uri?rt=$return_to"); + exit; + } + } + } + function login_sequence($link) { if (!SINGLE_USER_MODE) { diff --git a/prefs.php b/prefs.php index 7dd81e2bf..639f5d86e 100644 --- a/prefs.php +++ b/prefs.php @@ -1,11 +1,14 @@