perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

post.php: use hash_equals to compare post deletion password

Browse source
This commit is contained in:
Zankaria 2024-10-07 23:48:52 +02:00
parent 27286cdcee
commit 169bf13f5d
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
post.php
View file

@ -512,8 +512,8 @@ function handle_delete()
if ( if (
$password != '' $password != ''
&& $post['password'] != $password && !hash_equals($post['password'], $password)
&& (!$thread || $thread['password'] != $password) && (!$thread || !hash_equals($thread['password'], $password))
&& !$is_mod && !$is_mod
) { ) {
error($config['error']['invalidpassword']); error($config['error']['invalidpassword']);