
fix OTP QR code not displayed because of CSRF token passed as a query

parameter
use type-strict comparison when validating CSRF token on the backend
Andrew Dolgov
2020-09-17 08:43:39 +03:00
parent 6a4b6cf603
commit 1f79d614c4
3 changed files with 27 additions and 17 deletions


@@ -680,7 +680,7 @@
}
function validate_csrf($csrf_token) {
return $csrf_token == $_SESSION['csrf_token'];
return $csrf_token === $_SESSION['csrf_token'];
}
function load_user_plugins($owner_uid, $pluginhost = false) {
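Review bot: The strict `===` in validate_csrf() still evaluates to true when both operands are null, which would happen if no token is submitted and `$_SESSION['csrf_token']` was never set, and it is not a constant-time comparison. I would change the body to `$expected = $_SESSION['csrf_token'] ?? '';` followed by `return is_string($csrf_token) && is_string($expected) && $expected !== '' && hash_equals($expected, $csrf_token);`, so a missing or non-string token is rejected before comparing. Whether any caller can actually pass a null token is not visible in this hunk, so check the call sites. A one-line comment such as `// an absent session token must never validate` would record the intent.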