mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-10 00:42:41 +01:00
Fix PhabricatorAuthCSRFEngine.php strncmp(null) PHP 8.1 error
Summary: Update PhabricatorAuthCSRFEngine.php such that it doesn't fall over when provided with a null CSRF token under PHP 8.1 Fixes T15654 Test Plan: Do a POST request to phorge. Reviewers: O1 Blessed Committers, valerio.bozzolan Reviewed By: O1 Blessed Committers, valerio.bozzolan Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno Maniphest Tasks: T15654 Differential Revision: https://we.phorge.it/D25449
This commit is contained in:
parent
7b0021a03c
commit
318d7a61fe
1 changed files with 4 additions and 1 deletions
|
@ -47,7 +47,10 @@ final class PhabricatorAuthCSRFEngine extends Phobject {
|
|||
// We expect a BREACH-mitigating token. See T3684.
|
||||
$breach_prefix = $this->getBREACHPrefix();
|
||||
$breach_prelen = strlen($breach_prefix);
|
||||
if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) {
|
||||
if (
|
||||
$token === null ||
|
||||
strncmp($token, $breach_prefix, $breach_prelen) !== 0
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue