From ccfa90803bd094a4eaa8959a9bd9c2d775b7788c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Thu, 11 Apr 2013 21:39:54 +0400
Subject: [PATCH] backend: add session validation check

---
 backend.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/backend.php b/backend.php
index 9eb3989e4..6ee0e081f 100644
--- a/backend.php
+++ b/backend.php
@@ -62,6 +62,11 @@
 	}
 
 	if ($_SESSION["uid"]) {
+		if (!validate_session($link)) {
+			header("Content-Type: text/json");
+			print json_encode(array("error" => array("code" => 6)));
+			return;
+		}
 		load_user_plugins($link, $_SESSION["uid"]);
 	}