valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

don't try to call hash_equals() on unset user token

This commit is contained in:
Andrew Dolgov 2020-09-17 10:20:55 +03:00
parent f72e6947d5
commit 5a7e7e1367
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/functions.php
View File

@ -679,7 +679,7 @@
}
function validate_csrf($csrf_token) {
return hash_equals($_SESSION['csrf_token'], $csrf_token);
return isset($csrf_token) && hash_equals($_SESSION['csrf_token'], $csrf_token);
}
function load_user_plugins($owner_uid, $pluginhost = false) {