From 714bebf4c35e3eedda138f5ee912a8031bc8b1ab Mon Sep 17 00:00:00 2001
From: Carlos Garcia Gomez <neorazorx@gmail.com>
Date: Thu, 12 May 2022 20:14:56 +0200
Subject: [PATCH] =?UTF-8?q?Fixed=20string=20comparison=20to=20avoid=20auto?=
 =?UTF-8?q?matic=20cast=20during=20database=20password=20check.=20------?=
 =?UTF-8?q?=20Corregida=20la=20comparaci=C3=B3n=20de=20cadenas=20para=20ev?=
 =?UTF-8?q?itar=20cast=20autom=C3=A1tico=20durante=20la=20comprobaci=C3=B3?=
 =?UTF-8?q?n=20de=20la=20contrase=C3=B1a=20de=20la=20basew=20de=20datos.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Core/App/AppController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Core/App/AppController.php b/Core/App/AppController.php
index 1910311926..407038efbe 100644
--- a/Core/App/AppController.php
+++ b/Core/App/AppController.php
@@ -211,9 +211,9 @@ private function newUserPassword()
         $pass2 = $this->request->request->get('fsNewPasswd2');
 
         if ($pass != $pass2) {
-            ToolBox::i18nLog()->warning('different-passwords', ['%userNick%' => $nick]);
+            ToolBox::i18nLog()->warning('different-passwords', ['%userNick%' => htmlspecialchars($nick)]);
             return;
-        } elseif ($user->loadFromCode($nick) && $this->request->request->get('fsDbPasswd') == FS_DB_PASS) {
+        } elseif ($user->loadFromCode($nick) && $this->request->request->get('fsDbPasswd') === FS_DB_PASS) {
             $user->setPassword($pass);
             $user->save();
             ToolBox::i18nLog()->notice('record-updated-correctly');