[Security] made session manager have some degree of IP validation for session keys and upgrades
authorDan
Thu, 06 Mar 2008 23:31:28 -0500
changeset 485 7134d4bf7a23
parent 484 340c81fdd350
child 486 600a92aa34c7
[Security] made session manager have some degree of IP validation for session keys and upgrades
includes/sessions.php
--- a/includes/sessions.php	Thu Mar 06 23:27:50 2008 -0500
+++ b/includes/sessions.php	Thu Mar 06 23:31:28 2008 -0500
@@ -1272,7 +1272,7 @@
       $fail = true;
       if ( defined('IN_ENANO_UPGRADE') )
       {
-        if ( installer_enano_version() == '1.1.3' )
+        if ( installer_enano_version() == '1.1.3' && substr($ip, 0, 10) == substr($row['source_ip'], 0, 10) )
           $fail = false;
       }
       // Failed IP address check