| author | Andrew Dolgov <noreply@fakecake.org> | 2020-09-17 10:20:55 +0300 |
|---|---|---|
| committer | Andrew Dolgov <noreply@fakecake.org> | 2020-09-17 10:20:55 +0300 |
| commit | 5a7e7e136776de145d7d6c78823e3bf7af5fd84c (patch) | |
| tree | 8221bb9d856fc84510f5e70c1d762ff443604b7a /include | |
| parent | f72e6947d5048c4af5fcfc7bb8da64435bd6246a (diff) | |
don't try to call hash_equals() on unset user token
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions.php b/include/functions.php
index 298a77033..565a8fd41 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -679,7 +679,7 @@
 }
 function validate_csrf($csrf_token) {
- return hash_equals($_SESSION['csrf_token'], $csrf_token);
+ return isset($csrf_token) && hash_equals($_SESSION['csrf_token'], $csrf_token);
 }
 function load_user_plugins($owner_uid, $pluginhost = false) { |
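Review bot: The added `isset($csrf_token)` guard in validate_csrf() covers only the submitted value; `$_SESSION['csrf_token']` still reaches hash_equals() unchecked, and a non-string submitted value (for example an array from the request) also passes isset(). hash_equals() requires two strings and raises a warning on PHP 7 or a TypeError on PHP 8 otherwise, so those cases take an error path instead of returning false cleanly. Consider `return is_string($csrf_token) && isset($_SESSION['csrf_token']) && hash_equals($_SESSION['csrf_token'], $csrf_token);`. Whether the session token is always set before this call is not visible in the hunk; if it can ever be an empty string, an empty submitted token would compare equal, so a non-empty check on the session value may also be warranted.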