Merge branch 'master' into next

diff --cc wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index b77eb12cdfb16e7e4f081359e299ef88e881d57f,a9a3bca9994f913c59d4804281bc175d73f19de1..e8c9378047ff66612bad695997360df0c66f8611
--- 1/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
--- 2/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@@ -45,8 -46,8 +45,8 @@@ abstract class AbstractAuthedPage exten
                        }
                        else {
                                $user = new User($userID);
-                               if (\hash_equals($user->accessToken, $token)) {
-                                       // token is valid -> change user
 -                              if (CryptoUtil::secureCompare($user->accessToken, $token) && !$user->banned) {
++                              if (\hash_equals($user->accessToken, $token) && !$user->banned) {
+                                       // token is valid and user is not banned -> change user
                                        SessionHandler::getInstance()->changeUser($user, true);
                                }
                                else {