From 1dbd7423c0bb89cf5300068e32feb9771c52011a Mon Sep 17 00:00:00 2001
From: Lee Howarth
Date: Wed, 10 Aug 2016 19:27:43 +0100
Subject: [PATCH] Update secure_img_handler.php Captcha can be bypassed if empty value given.
---
 e107_handlers/secure_img_handler.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/e107_handlers/secure_img_handler.php b/e107_handlers/secure_img_handler.php
index 4a419e7d3..4572bb0a0 100644
--- a/e107_handlers/secure_img_handler.php
+++ b/e107_handlers/secure_img_handler.php
@@ -81,7 +81,7 @@ class secure_image
 // $sql = e107::getDb();
 // $tp = e107::getParser();
- if(!empty($_SESSION['secure_img'][$recnum]) && (intval($_SESSION['secure_img'][$recnum]) == $checkstr))
+ if(!empty($_SESSION['secure_img'][$recnum]) && 0 == strcmp($_SESSION['secure_img'][$recnum], $checkstr))
 {
 unset($_SESSION['secure_img']);
 return true;
@@ -441,4 +441,4 @@ class secure_image
 }
-?>
\ No newline at end of file
+?>
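Review bot: The replacement condition in the first hunk is still a loose comparison: `0 == strcmp(...)` is also true when strcmp() returns NULL, which PHP versions before 8 do (with a warning) when an argument is not a string. Where `$checkstr` comes from is outside this hunk, but if it can arrive from request data as a non-string value, the check would pass without the code being known, which is the same class of bypass the commit is closing. A type guard plus strict comparison avoids this: `if(!empty($_SESSION['secure_img'][$recnum]) && is_string($checkstr) && (string) $_SESSION['secure_img'][$recnum] === $checkstr)`, or `hash_equals()` where the supported PHP versions allow it. Separately, `unset($_SESSION['secure_img'])` is visible only in the success branch, and the rest of the function lies outside the hunk, so confirm that a failed attempt also invalidates the stored code.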