From 4afcf635635c548bbad0a27b7c9c7d2b3804fc61 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 20 Jul 2016 13:55:51 +0300
Subject: [PATCH] api host: add session validation

---
 api/index.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/api/index.php b/api/index.php
index b02a5d679..d451a3ac8 100644
--- a/api/index.php
+++ b/api/index.php
@@ -58,6 +58,16 @@
 	if (!init_plugins()) return;
 
 	if ($_SESSION["uid"]) {
+		if (!validate_session()) {
+			header("Content-Type: text/json");
+
+			print json_encode(array("seq" => -1,
+				"status" => 1,
+				"content" => array("error" => "NOT_LOGGED_IN")));
+
+			return;
+		}
+
 		load_user_plugins( $_SESSION["uid"]);
 	}
 
-- 
GitLab