Merge pull request #9067 from MrPetovan/bug/9065-csrf-anonymous

Re-allow anonymous use of CSRF tokens
2020-08-24 18:36:21 +02:00 · 2020-08-24 18:36:21 +02:00 · 5ab4503140
parent 96ffe95949 9b38abc32c
commit 5ab4503140
1 changed files with 1 additions and 5 deletions
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@ -140,11 +140,7 @@ abstract class BaseModule
 			return false;
 		}
-		if (empty($a->user)) {
+		$sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $x[0] . $typename);
 			return false;
 		}
 		$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
 		return ($sec_hash == $x[1]);
 	}