Merge branch 'master' into next
authorMarcel Werk <burntime@woltlab.com>
Wed, 30 Oct 2019 14:19:23 +0000 (15:19 +0100)
committerMarcel Werk <burntime@woltlab.com>
Wed, 30 Oct 2019 14:19:23 +0000 (15:19 +0100)
wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php

index b77eb12cdfb16e7e4f081359e299ef88e881d57f,a9a3bca9994f913c59d4804281bc175d73f19de1..e8c9378047ff66612bad695997360df0c66f8611
@@@ -45,8 -46,8 +45,8 @@@ abstract class AbstractAuthedPage exten
                        }
                        else {
                                $user = new User($userID);
-                               if (\hash_equals($user->accessToken, $token)) {
-                                       // token is valid -> change user
 -                              if (CryptoUtil::secureCompare($user->accessToken, $token) && !$user->banned) {
++                              if (\hash_equals($user->accessToken, $token) && !$user->banned) {
+                                       // token is valid and user is not banned -> change user
                                        SessionHandler::getInstance()->changeUser($user, true);
                                }
                                else {
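Review bot: The merged condition on the `++` line depends on `$user->accessToken` being a non-empty string, which nothing in this hunk guarantees. `new User($userID)` for an unknown ID would presumably leave the property null, and `\hash_equals('', '')` returns true, so an account with no token set would match an empty `$token`. Unless the code above the hunk already rejects an empty `$token` and an unknown user, make the guard explicit: `if ($user->accessToken && \hash_equals((string) $user->accessToken, (string) $token) && !$user->banned) {`. The enclosing method starts and ends outside the hunk, so that earlier validation cannot be confirmed from here.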