summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorcanyonknight <canyonknight@gmail.com>2013-01-22 02:18:14 +0000
committerLukas Fleischer <archlinux@cryptocrack.de>2013-01-30 09:25:29 +0100
commita61d73d804d615b555fdccbec669f8e2cf84217d (patch)
tree152c83e3b05528884285909a67720d2c1ff89a35 /web
parente4ad05533f2929bc8291923a8d4bef1c8fc55675 (diff)
downloadaurweb-a61d73d804d615b555fdccbec669f8e2cf84217d.tar.xz
aur.inc.php: Fix PHP undefined index notice for AURSID
Occurs in the rare situation where a logged out user tries to POST a CSRF token. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/lib/aur.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 387d81d..e02c835 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -94,7 +94,7 @@ function check_sid($dbh=NULL) {
* @return bool True if the CSRF token is the same as the cookie SID, otherwise false
*/
function check_token() {
- if (isset($_POST['token'])) {
+ if (isset($_POST['token']) && isset($_COOKIE['AURSID'])) {
return ($_POST['token'] == $_COOKIE['AURSID']);
} else {
return false;