From a61d73d804d615b555fdccbec669f8e2cf84217d Mon Sep 17 00:00:00 2001
From: canyonknight <canyonknight@gmail.com>
Date: Tue, 22 Jan 2013 02:18:14 +0000
Subject: aur.inc.php: Fix PHP undefined index notice for AURSID

Occurs in the rare situation where a logged out user tries to POST
a CSRF token.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/aur.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web')

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 387d81d..e02c835 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -94,7 +94,7 @@ function check_sid($dbh=NULL) {
  * @return bool True if the CSRF token is the same as the cookie SID, otherwise false
  */
 function check_token() {
-	if (isset($_POST['token'])) {
+	if (isset($_POST['token']) && isset($_COOKIE['AURSID'])) {
 		return ($_POST['token'] == $_COOKIE['AURSID']);
 	} else {
 		return false;
-- 
cgit v1.2.3-54-g00ecf