[aur-dev] [PATCH] aur.inc.php: Fix PHP undefined index notice for AURSID
canyonknight
canyonknight at gmail.com
Mon Jan 21 21:18:14 EST 2013
Occurs in the rare situation where a logged out user tries to POST
a CSRF token.
Signed-off-by: canyonknight <canyonknight at gmail.com>
---
web/lib/aur.inc.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 387d81d..e02c835 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -94,7 +94,7 @@ function check_sid($dbh=NULL) {
* @return bool True if the CSRF token is the same as the cookie SID, otherwise false
*/
function check_token() {
- if (isset($_POST['token'])) {
+ if (isset($_POST['token']) && isset($_COOKIE['AURSID'])) {
return ($_POST['token'] == $_COOKIE['AURSID']);
} else {
return false;
--
1.8.1.1
More information about the aur-dev
mailing list