From d5c0422f17b5a09cd499f82cdf4b72397c45d509 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Tue, 22 Nov 2016 20:20:05 +0100
Subject: [PATCH] authpdo - use type safe comparison on passwords. fixes #1765

---
 lib/plugins/authpdo/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/plugins/authpdo/auth.php b/lib/plugins/authpdo/auth.php
index 64ef94115..5eb70c95d 100644
--- a/lib/plugins/authpdo/auth.php
+++ b/lib/plugins/authpdo/auth.php
@@ -179,7 +179,7 @@ class auth_plugin_authpdo extends DokuWiki_Auth_Plugin {
             return $passhash->verify_hash($pass, $userdata['hash']);
         } else {
             // clear text password in the database O_o
-            return ($pass == $userdata['clear']);
+            return ($pass === $userdata['clear']);
         }
     }
 
-- 
GitLab