From 7f19831e0c71bf39bd89d4b7f50680806e949983 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 29 Jul 2019 14:54:55 -0400 Subject: [PATCH] Use isset when testing for existence of authash in session --- web/includes/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index b6213e061..652ef3c98 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -377,7 +377,7 @@ if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_HASH_LOGINS and (ZM_AUTH_RELAY == 'hashed') ) { # Extra validation, if logged in, then the auth hash will be set in the session, so we can validate it. # This prevent session modification to switch users - if ( $_SESSION['AuthHash'.$_SESSION['remoteAddr']] ) + if ( isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); } else { # Need to refresh permissions and validate that the user still exists