diff options
| author | Andrew Dolgov <[email protected]> | 2020-09-17 08:43:39 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2020-09-17 08:43:39 +0300 |
| commit | 1f79d614c4d24fdc0432fd6d080f29ca99b41fbf (patch) | |
| tree | 9f8e4a9307f710cd834ba16c326b7f562b8a37d3 /include | |
| parent | 6a4b6cf603002ca0032c209b99da4ab76ac7e013 (diff) | |
fix OTP QR code not displayed because of CSRF token passed as a query
parameter
use type-strict comparison when validating CSRF token on the backend
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions.php b/include/functions.php index dfaf1895d..9989d7ecf 100644 --- a/include/functions.php +++ b/include/functions.php @@ -680,7 +680,7 @@ } function validate_csrf($csrf_token) { - return $csrf_token == $_SESSION['csrf_token']; + return $csrf_token === $_SESSION['csrf_token']; } function load_user_plugins($owner_uid, $pluginhost = false) { |