| リビジョン | b2c32c79df97a09f00d1b8203e02121085c6b6b9 (tree) |
|---|---|
| 日時 | 2014-11-30 20:25:42 |
| 作者 | henoheno <henoheno> |
| コミッター | umorigu |
BugTrack2/236: If you compare two numerical strings, they are compared as integers
plugin/attach.inc.php (diff) plugin/pcomment.inc.php (diff)| @@ -617,7 +617,7 @@ EOD; | ||
| 617 | 617 | if (PLUGIN_ATTACH_DELETE_ADMIN_ONLY || $this->age) { |
| 618 | 618 | return attach_info('err_adminpass'); |
| 619 | 619 | } else if (PLUGIN_ATTACH_PASSWORD_REQUIRE && |
| 620 | - md5($pass) != $this->status['pass']) { | |
| 620 | + md5($pass) !== $this->status['pass']) { | |
| 621 | 621 | return attach_info('err_password'); |
| 622 | 622 | } |
| 623 | 623 | } |
| @@ -669,7 +669,7 @@ EOD; | ||
| 669 | 669 | if (PLUGIN_ATTACH_DELETE_ADMIN_ONLY || $this->age) { |
| 670 | 670 | return attach_info('err_adminpass'); |
| 671 | 671 | } else if (PLUGIN_ATTACH_PASSWORD_REQUIRE && |
| 672 | - md5($pass) != $this->status['pass']) { | |
| 672 | + md5($pass) !== $this->status['pass']) { | |
| 673 | 673 | return attach_info('err_password'); |
| 674 | 674 | } |
| 675 | 675 | } |
| @@ -230,7 +230,7 @@ function plugin_pcomment_insert() | ||
| 230 | 230 | while ($end_position < $count) { |
| 231 | 231 | $matches = array(); |
| 232 | 232 | if (preg_match('/^(\-{1,2})(?!\-)(.*)$/', $postdata[$end_position++], $matches) |
| 233 | - && md5($matches[2]) == $reply_hash) | |
| 233 | + && md5($matches[2]) === $reply_hash) | |
| 234 | 234 | { |
| 235 | 235 | $b_reply = TRUE; |
| 236 | 236 | $level = strlen($matches[1]) + 1; |
haifun
Fork