diff options
author | Andrew Dolgov <[email protected]> | 2020-09-17 08:46:57 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-09-17 08:46:57 +0300 |
commit | 0757ad04066019ec670ef97c07462ef02331cf45 (patch) | |
tree | 23998c7cd0061dc66979d0a58348eb2209d9d82c /plugins/auth_internal | |
parent | 89d53a7f492c3875b14cf1c259c8049ff3757b6a (diff) |
auth_internal: use type-strict comparison when checking OTP code
Diffstat (limited to 'plugins/auth_internal')
-rw-r--r-- | plugins/auth_internal/init.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index ad32d29b9..d029e249e 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -52,7 +52,7 @@ class Auth_Internal extends Plugin implements IAuthModule { $totp_legacy = new \OTPHP\TOTP($secret_legacy); $otp_check_legacy = $totp_legacy->now(); - if ($otp != $otp_check && $otp != $otp_check_legacy) { + if ($otp !== $otp_check && $otp !== $otp_check_legacy) { return false; } } else { @@ -260,8 +260,8 @@ class Auth_Internal extends Plugin implements IAuthModule { } private function check_app_password($login, $password, $service) { - $sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid - FROM ttrss_app_passwords p, ttrss_users u + $sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid + FROM ttrss_app_passwords p, ttrss_users u WHERE p.owner_uid = u.id AND u.login = ? AND service = ?"); $sth->execute([$login, $service]); |