From 0c38dc84561da4ab97c6463e4214cd9c5ea68319 Mon Sep 17 00:00:00 2001
From: Jacek Tomasiak
Date: Tue, 11 May 2021 09:35:39 +0200
Subject: Improve missing token check
Avoid "E_NOTICE (8) (classes/userhelper.php:78) Undefined index: csrf_token" in logs.
---
 classes/userhelper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'classes')
diff --git a/classes/userhelper.php b/classes/userhelper.php
index 0bf67243e..1cdd320a1 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -75,7 +75,7 @@ class UserHelper {
 $_SESSION["auth_module"] = false;
- if (!$_SESSION["csrf_token"])
+ if (empty($_SESSION["csrf_token"]))
 $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
 $_SESSION["ip_address"] = UserHelper::get_user_ip();
-- 
cgit v1.2.3
From b5a559a1a7315b66768b38fe78eb49663636db8c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 11 May 2021 19:36:25 +0300
Subject: sanity check: in single user mode, only test for admin user if migrations have been completed
---
 classes/config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'classes')
diff --git a/classes/config.php b/classes/config.php
index 6e8d4533f..1386b553a 100644
--- a/classes/config.php
+++ b/classes/config.php
@@ -484,7 +484,8 @@ class Config {
 array_push($errors, "Data export cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/export)");
 }
- if (self::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) {
+ // ttrss_users won't be there on initial startup (before migrations are done)
+ if (!Config::is_migration_needed() && self::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) {
 if (UserHelper::get_login_by_id(1) != "admin") {
 array_push($errors, "SINGLE_USER_MODE is enabled but default admin account (ID: 1) is not found.");
 }
-- 
cgit v1.2.3
From f423874e0585699dfc239c8e4187b53a9a3c02da Mon Sep 17 00:00:00 2001
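Review bot: In classes/userhelper.php the new `if (empty($_SESSION["csrf_token"]))` guard keeps any non-empty token already in the session, so both the token's lifetime and its randomness source are decided outside what this hunk shows. `get_random_bytes()` is a project helper defined elsewhere; it is worth confirming that it always draws from a CSPRNG, or calling PHP's `random_bytes(16)` directly here if the supported PHP versions allow it. A short comment such as `// reuse the session's existing token; only mint one when none is set` would record that the reuse is deliberate. The enclosing method starts and ends outside the hunk, so whether this path runs once per login or on every request cannot be told from here.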
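Review bot: In classes/config.php the added condition evaluates `Config::is_migration_needed()` before the cheap `self::get(Config::SINGLE_USER_MODE)` test, so the migration lookup runs on every sanity check even when single-user mode is off. Putting the flag first lets `&&` short-circuit, and `self::` matches the other calls on the line: `if (self::get(Config::SINGLE_USER_MODE) && !self::is_migration_needed()) {`. The same operand order carries into the follow-up commit's hunk in classes/config.php that drops the `class_exists("PDO")` test. What `is_migration_needed()` costs, and whether it can throw when the database is unreachable and so pre-empt the collected `$errors` report, is not visible here and should be confirmed. The enclosing method starts and ends outside the hunk.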
From: Andrew Dolgov
Date: Tue, 11 May 2021 19:37:31 +0300
Subject: checking for PDO there is rather useless
---
 classes/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'classes')
diff --git a/classes/config.php b/classes/config.php
index 1386b553a..4ae4a2407 100644
--- a/classes/config.php
+++ b/classes/config.php
@@ -485,7 +485,7 @@ class Config {
 }
 // ttrss_users won't be there on initial startup (before migrations are done)
- if (!Config::is_migration_needed() && self::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) {
+ if (!Config::is_migration_needed() && self::get(Config::SINGLE_USER_MODE)) {
 if (UserHelper::get_login_by_id(1) != "admin") {
 array_push($errors, "SINGLE_USER_MODE is enabled but default admin account (ID: 1) is not found.");
 }
-- 
cgit v1.2.3