[evolvis-commits] r18335: yet another two MD5 comparisons that must not be type-coërcing

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Apr 12 10:42:14 CEST 2012


Author: mirabilos
Date: 2012-04-12 10:42:14 +0200 (Thu, 12 Apr 2012)
New Revision: 18335

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/common/include/pre.php
   trunk/gforge_base/evolvisforge-5.1/src/www/account/change_pw.php
Log:
yet another two MD5 comparisons that must not be type-coërcing

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/pre.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/pre.php	2012-04-12 08:42:10 UTC (rev 18334)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/pre.php	2012-04-12 08:42:14 UTC (rev 18335)
@@ -121,7 +121,7 @@
 
 if (strlen(forge_get_config('host_uuid')) < 12 ||
     /* also catch MD5(empty string) */
-    forge_get_config('host_uuid') == 'd41d8cd98f00') {
+    forge_get_config('host_uuid') === 'd41d8cd98f00') {
 	if (php_sapi_name() != 'cli') {
 		exit_error('ATTN sysadmin: upgrade your host_uuid');
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/account/change_pw.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/account/change_pw.php	2012-04-12 08:42:10 UTC (rev 18334)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/account/change_pw.php	2012-04-12 08:42:14 UTC (rev 18335)
@@ -43,7 +43,7 @@
 	$passwd = getStringFromRequest('passwd');
 	$passwd2 = getStringFromRequest('passwd2');
 
-	if ($u->getMD5Passwd() != md5($old_passwd)) {
+	if ($u->getMD5Passwd() !== md5($old_passwd)) {
 		form_release_key(getStringFromRequest('form_key'));
 		exit_error(_('Old password is incorrect'),'my');
 	}



More information about the evolvis-commits mailing list