From: Marcel Werk <burntime@woltlab.com>
Date: Wed, 30 Oct 2019 14:19:23 +0000 (+0100)
Subject: Merge branch 'master' into next
X-Git-Tag: 5.2.0_Beta_3~26
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=86a7f432f76c6d08f915efebe958f7f4ae6dc013;p=GitHub%2FWoltLab%2FWCF.git

Merge branch 'master' into next
---

86a7f432f76c6d08f915efebe958f7f4ae6dc013
diff --cc wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index b77eb12cdf,a9a3bca999..e8c9378047
--- a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@@ -45,8 -46,8 +45,8 @@@ abstract class AbstractAuthedPage exten
  			}
  			else {
  				$user = new User($userID);
- 				if (\hash_equals($user->accessToken, $token)) {
- 					// token is valid -> change user
 -				if (CryptoUtil::secureCompare($user->accessToken, $token) && !$user->banned) {
++				if (\hash_equals($user->accessToken, $token) && !$user->banned) {
+ 					// token is valid and user is not banned -> change user
  					SessionHandler::getInstance()->changeUser($user, true);
  				}
  				else {