forgotpass: use type strict comparison for reset token

This commit is contained in:
Andrew Dolgov 2020-09-17 11:49:27 +03:00
parent 5a7e7e1367
commit 37f41a5246
1 changed files with 1 additions and 1 deletions

View File

@ -940,7 +940,7 @@ class Handler_Public extends Handler {
if ($timestamp && $resetpass_token && if ($timestamp && $resetpass_token &&
$timestamp >= time() - 15*60*60 && $timestamp >= time() - 15*60*60 &&
$resetpass_token == $hash) { $resetpass_token === $hash) {
$sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL
WHERE id = ?"); WHERE id = ?");