Update secure_img_handler.php

Captcha can be bypassed if empty value given.
2025-08-04 21:57:51 +02:00 · 2016-08-10 19:27:43 +01:00
parent 0b06fbda62
commit 1dbd7423c0
1 changed files with 2 additions and 2 deletions
--- a/e107_handlers/secure_img_handler.php
+++ b/e107_handlers/secure_img_handler.php
@@ -81,7 +81,7 @@ class secure_image
 	//	$sql = e107::getDb();
 	//	$tp = e107::getParser();

-		if(!empty($_SESSION['secure_img'][$recnum]) && (intval($_SESSION['secure_img'][$recnum]) == $checkstr))
+		if(!empty($_SESSION['secure_img'][$recnum]) && 0 == strcmp($_SESSION['secure_img'][$recnum], $checkstr))
 		{
 			unset($_SESSION['secure_img']);
 			return true;
@@ -441,4 +441,4 @@ class secure_image


 }
-?>
+?>