Page MenuHomePhorge
Files F2628116

D25449.1732015669.diff
No OneTemporary
Actions

D25449.1732015669.diff
View Options

diff --git a/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php b/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
--- a/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
@@ -47,7 +47,10 @@
// We expect a BREACH-mitigating token. See T3684.
$breach_prefix = $this->getBREACHPrefix();
$breach_prelen = strlen($breach_prefix);
- if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) {
+ if (
+ $token === null ||
+ strncmp($token, $breach_prefix, $breach_prelen) !== 0
+ ) {
return false;
}

File Metadata

Mime Type
text/plain
Expires
Tue, Nov 19, 11:27 (21 h, 58 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
977581
Default Alt Text
D25449.1732015669.diff (635 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0