From 1f79d614c4d24fdc0432fd6d080f29ca99b41fbf Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 17 Sep 2020 08:43:39 +0300
Subject: fix OTP QR code not displayed because of CSRF token passed as a query parameter use type-strict comparison when validating CSRF token on the backend
---
 include/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/functions.php b/include/functions.php
index dfaf1895d..9989d7ecf 100644
--- include/functions.php
+++ b/include/functions.php
@@ -680,7 +680,7 @@
 }
 function validate_csrf($csrf_token) {
- return $csrf_token == $_SESSION['csrf_token'];
+ return $csrf_token === $_SESSION['csrf_token'];
 }
 function load_user_plugins($owner_uid, $pluginhost = false) {
-- cgit v1.2.3-54-g00ecf
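Review bot: The new `===` in validate_csrf() still evaluates to true when both sides are null, so a request that carries no token would validate whenever `$_SESSION['csrf_token']` is unset; whether the session can lack a token is not visible in this hunk. The comparison is also not constant-time, which is what `hash_equals()` is for when checking a secret against caller-supplied input. I would write the body as `return is_string($csrf_token) && is_string($_SESSION['csrf_token'] ?? null) && hash_equals($_SESSION['csrf_token'], $csrf_token);`, which rejects missing or non-string values before comparing. A one-line comment above the function stating that it fails closed when either token is absent would record that intent for later callers.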