From 58789954a7642c133920f37a51fd3dbb5d76cbde Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Tue, 23 Oct 2012 18:08:57 +0200
Subject: [PATCH] correctly check hash parameter in media dispatcher FS#2648

---
 lib/exe/fetch.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index e8f189256..52e7ebe1e 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -157,7 +157,7 @@ function checkFileStatus(&$media, &$file, $rev='') {
   //media to local file
   if(preg_match('#^(https?)://#i',$media)){
     //check hash
-    if(substr(md5(auth_cookiesalt().$media),0,6) != $INPUT->str('hash')){
+    if(substr(md5(auth_cookiesalt().$media),0,6) !== $INPUT->str('hash')){
       return array( 412, 'Precondition Failed');
     }
     //handle external images
-- 
GitLab