Fixed string comparison to avoid automatic cast during database passw…

…ord check. ------ Corregida la comparación de cadenas para evitar cast automático durante la comprobación de la contraseña de la basew de datos.
NeoRazorX · May 12, 2022 · 714bebf · 714bebf
1 parent 1096859
commit 714bebf
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Core/App/AppController.php b/Core/App/AppController.php
@@ -211,9 +211,9 @@ private function newUserPassword()
         $pass2 = $this->request->request->get('fsNewPasswd2');
 
         if ($pass != $pass2) {
-            ToolBox::i18nLog()->warning('different-passwords', ['%userNick%' => $nick]);
+            ToolBox::i18nLog()->warning('different-passwords', ['%userNick%' => htmlspecialchars($nick)]);
             return;
-        } elseif ($user->loadFromCode($nick) && $this->request->request->get('fsDbPasswd') == FS_DB_PASS) {
+        } elseif ($user->loadFromCode($nick) && $this->request->request->get('fsDbPasswd') === FS_DB_PASS) {
             $user->setPassword($pass);
             $user->save();
             ToolBox::i18nLog()->notice('record-updated-correctly');