external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

aur.inc.php: Fix PHP undefined index notice for AURSID

Browse source 
Occurs in the rare situation where a logged out user tries to POST
a CSRF token.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
canyonknight 2013-01-22 02:18:14 +00:00 committed by Lukas Fleischer
parent e4ad05533f
commit a61d73d804
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
web/lib/aur.inc.php
View file

@ -94,7 +94,7 @@ function check_sid($dbh=NULL) {
* @return bool True if the CSRF token is the same as the cookie SID, otherwise false * @return bool True if the CSRF token is the same as the cookie SID, otherwise false
*/ */
function check_token() { function check_token() {
if (isset($_POST['token'])) { if (isset($_POST['token']) && isset($_COOKIE['AURSID'])) {
return ($_POST['token'] == $_COOKIE['AURSID']); return ($_POST['token'] == $_COOKIE['AURSID']);
} else { } else {
return false; return false;