diff options
author | canyonknight <canyonknight@gmail.com> | 2013-01-22 02:18:14 +0000 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2013-01-30 09:25:29 +0100 |
commit | a61d73d804d615b555fdccbec669f8e2cf84217d (patch) | |
tree | 152c83e3b05528884285909a67720d2c1ff89a35 /web | |
parent | e4ad05533f2929bc8291923a8d4bef1c8fc55675 (diff) | |
download | aurweb-a61d73d804d615b555fdccbec669f8e2cf84217d.tar.xz |
aur.inc.php: Fix PHP undefined index notice for AURSID
Occurs in the rare situation where a logged out user tries to POST
a CSRF token.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r-- | web/lib/aur.inc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 387d81d..e02c835 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -94,7 +94,7 @@ function check_sid($dbh=NULL) { * @return bool True if the CSRF token is the same as the cookie SID, otherwise false */ function check_token() { - if (isset($_POST['token'])) { + if (isset($_POST['token']) && isset($_COOKIE['AURSID'])) { return ($_POST['token'] == $_COOKIE['AURSID']); } else { return false; |