use hash_equals() correctly

4 years ago · f72e6947d5
parent e3adacc588
commit f72e6947d5
1 changed files with 1 additions and 1 deletions
--- a/include/functions.php
+++ b/include/functions.php
@ -679,7 +679,7 @@
 	}

 	function validate_csrf($csrf_token) {
-		return hash_equals($csrf_token, $_SESSION['csrf_token']);
+		return hash_equals($_SESSION['csrf_token'], $csrf_token);
 	}

 	function load_user_plugins($owner_uid, $pluginhost = false) {