public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 17:35:56 +00:00
Code Issues Releases Wiki Activity

don't try to call hash_equals() on unset user token

Browse Source
This commit is contained in:
Andrew Dolgov
2020-09-17 10:20:55 +03:00
parent f72e6947d5
commit 5a7e7e1367
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/functions.php
View File

@@ -679,7 +679,7 @@
}
function validate_csrf($csrf_token) {
return hash_equals($_SESSION['csrf_token'], $csrf_token);
return isset($csrf_token) && hash_equals($_SESSION['csrf_token'], $csrf_token);
}
function load_user_plugins($owner_uid, $pluginhost = false) {