don't try to call hash_equals() on unset user token

master
Andrew Dolgov 4 years ago
parent f72e6947d5
commit 5a7e7e1367

@ -679,7 +679,7 @@
}
function validate_csrf($csrf_token) {
return hash_equals($_SESSION['csrf_token'], $csrf_token);
return isset($csrf_token) && hash_equals($_SESSION['csrf_token'], $csrf_token);
}
function load_user_plugins($owner_uid, $pluginhost = false) {

Loading…
Cancel
Save