From a61d73d804d615b555fdccbec669f8e2cf84217d Mon Sep 17 00:00:00 2001 From: canyonknight Date: Tue, 22 Jan 2013 02:18:14 +0000 Subject: aur.inc.php: Fix PHP undefined index notice for AURSID Occurs in the rare situation where a logged out user tries to POST a CSRF token. Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/lib/aur.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'web/lib/aur.inc.php') diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 387d81d..e02c835 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -94,7 +94,7 @@ function check_sid($dbh=NULL) { * @return bool True if the CSRF token is the same as the cookie SID, otherwise false */ function check_token() { - if (isset($_POST['token'])) { + if (isset($_POST['token']) && isset($_COOKIE['AURSID'])) { return ($_POST['token'] == $_COOKIE['AURSID']); } else { return false; -- cgit v1.2.3-70-g09d2