Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-crf2-xm6x-46p6
  • Loading branch information
Flyingmana committed Aug 18, 2020
1 parent 4c02c10 commit 7c526bc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/code/core/Mage/Adminhtml/Controller/Action.php
Expand Up @@ -389,7 +389,7 @@ protected function _validateSecretKey()
}

if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null))
|| $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) {
|| !hash_equals(Mage::getSingleton('adminhtml/url')->getSecretKey(), $secretKey)) {
return false;
}
return true;
Expand Down

0 comments on commit 7c526bc

Please sign in to comment.