From 37f41a5246eddc1dda6c2ef8ad0b9acdf90b9edc Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 17 Sep 2020 11:49:27 +0300
Subject: [PATCH] forgotpass: use type strict comparison for reset token
---
 classes/handler/public.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 595473789..a735b1931 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -940,7 +940,7 @@ class Handler_Public extends Handler {
 if ($timestamp && $resetpass_token && $timestamp >= time() - 15*60*60 &&
- $resetpass_token == $hash) {
+ $resetpass_token === $hash) {
 $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL WHERE id = ?");
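Review bot: The new `$resetpass_token === $hash` removes the loose-comparison type juggling of `==`, but it is still an ordinary string comparison whose running time can depend on where the two values first differ. A password-reset token is a secret, so PHP's constant-time `hash_equals()` is the usual choice here. I would write the last clause as `is_string($hash) && hash_equals($resetpass_token, $hash)) {`, with the stored token first as the known value. The `is_string` guard is needed because `hash_equals()` rejects non-string arguments; `$hash` and `$resetpass_token` are both assigned outside this hunk, so I am assuming the former comes from the request and the latter is already a string. The `if` body and the enclosing method continue past the hunk, so the rest of the reset flow is not covered by this note.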