From 62b0e5d81018ee39321339a2adc87c2c2d303f69 Mon Sep 17 00:00:00 2001
From: Spuds
Date: Wed, 27 Feb 2013 09:49:46 -0600
Subject: [PATCH] ! Change a few comparisons to be exact for good measure

Signed-off-by: Spuds
---
 sources/Security.php | 7 +++----
 sources/admin/ManageLanguages.php | 4 ++--
 sources/controllers/Reminder.controller.php | 4 ++--
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/sources/Security.php b/sources/Security.php
index 2af67cac87..4ef47143d2 100644
--- a/sources/Security.php
+++ b/sources/Security.php
@@ -626,7 +626,7 @@ function checkSession($type = 'post', $from_action = '', $is_fatal = true)
 }
 
 // How about $_GET['sesc']?
- elseif ($type == 'get')
+ elseif ($type === 'get')
 {
 $check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : null);
 if ($check !== $sc)
@@ -732,9 +732,8 @@ function checkConfirm($action)
 {
 global $modSettings;
 
- if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
+ if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) === $_SESSION['confirm_' . $action])
 return true;
- else
 {
 $token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
@@ -801,7 +800,7 @@ function validateToken($action, $type = 'post', $reset = true)
 4. Match that result against what is in the session.
 5. If it matchs, success, otherwise we fallout.
 */
- if (isset($_SESSION['token'][$type . '-' . $action], $GLOBALS['_' . strtoupper($type)][$_SESSION['token'][$type . '-' . $action][0]]) && md5($GLOBALS['_' . strtoupper($type)][$_SESSION['token'][$type . '-' . $action][0]] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['token'][$type . '-' . $action][1])
+ if (isset($_SESSION['token'][$type . '-' . $action], $GLOBALS['_' . strtoupper($type)][$_SESSION['token'][$type . '-' . $action][0]]) && md5($GLOBALS['_' . strtoupper($type)][$_SESSION['token'][$type . '-' . $action][0]] . $_SERVER['HTTP_USER_AGENT']) === $_SESSION['token'][$type . '-' . $action][1])
 {
 // Invalidate this token now.
 unset($_SESSION['token'][$type . '-' . $action]);
diff --git a/sources/admin/ManageLanguages.php b/sources/admin/ManageLanguages.php
index 88f4f17664..9feb12b6eb 100644
--- a/sources/admin/ManageLanguages.php
+++ b/sources/admin/ManageLanguages.php
@@ -298,13 +298,13 @@ function DownloadLanguage()
 $context_data['writable'] = true;
 
 // Finally, do we actually think the content has changed?
- if ($file['size'] == filesize(BOARDDIR . '/' . $file['filename']) && $file['md5'] == md5_file(BOARDDIR . '/' . $file['filename']))
+ if ($file['size'] == filesize(BOARDDIR . '/' . $file['filename']) && $file['md5'] === md5_file(BOARDDIR . '/' . $file['filename']))
 {
 $context_data['exists'] = 'same';
 $context_data['default_copy'] = false;
 }
 // Attempt to discover newline character differences.
- elseif ($file['md5'] == md5(preg_replace("~[\r]?\n~", "\r\n", file_get_contents(BOARDDIR . '/' . $file['filename']))))
+ elseif ($file['md5'] === md5(preg_replace("~[\r]?\n~", "\r\n", file_get_contents(BOARDDIR . '/' . $file['filename']))))
 {
 $context_data['exists'] = 'same';
 $context_data['default_copy'] = false;
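Review bot: The strict `===` on the changed `if` line in validateToken closes the loose-comparison hole (two hash strings of the form `0e...` compare equal under `==`), but the comparison is still an ordinary string compare and so not timing-safe; if the project's minimum PHP version permits, `hash_equals($_SESSION['token'][$type . '-' . $action][1], md5(...))` is the preferred form, and the same applies to the `substr(...) !== substr(md5(...))` check in action_setpassword2 and the `md5($_POST['secret_answer']) !== $row['secret_answer']` check in action_secret2 in Reminder.controller.php. The condition repeats the session key and request superglobal four times; hoisting `$key = $type . '-' . $action;` and `$input = $GLOBALS['_' . strtoupper($type)];` above the `if` would make it readable. validateToken's body starts and ends outside the hunk.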
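Review bot: The first comparison on the changed `if` line in DownloadLanguage, `$file['size'] == filesize(...)`, is left loose while the md5 comparisons on the same line and on the `elseif` are made strict; `$file['size']` presumably arrives as a string from the manifest, so `(int) $file['size'] === filesize(BOARDDIR . '/' . $file['filename'])` keeps the intent explicit without relying on juggling. Both branches assign the same two values to `$context_data`, so the two conditions could be joined with `||` into a single branch. The enclosing function continues outside the hunk.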
diff --git a/sources/controllers/Reminder.controller.php b/sources/controllers/Reminder.controller.php
index cdab780589..3fd647d8e3 100644
--- a/sources/controllers/Reminder.controller.php
+++ b/sources/controllers/Reminder.controller.php
@@ -251,7 +251,7 @@ function action_setpassword2()
 fatal_lang_error('profile_error_password_' . $passwordError, false);
 
 // Quit if this code is not right.
- if (empty($_POST['code']) || substr($realCode, 0, 10) != substr(md5($_POST['code']), 0, 10))
+ if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
 {
 // Stop brute force attacks like this.
 validatePasswordFlood($_POST['u'], $flood_value, false);
@@ -360,7 +360,7 @@ function action_secret2()
 $smcFunc['db_free_result']($request);
 
 // Check if the secret answer is correct.
- if ($row['secret_question'] == '' || $row['secret_answer'] == '' || md5($_POST['secret_answer']) != $row['secret_answer'])
+ if ($row['secret_question'] == '' || $row['secret_answer'] == '' || md5($_POST['secret_answer']) !== $row['secret_answer'])
 {
 log_error(sprintf($txt['reminder_error'], $row['member_name']), 'user');
 fatal_lang_error('incorrect_answer', false);
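Review bot: The two emptiness checks on the changed `if` line in action_secret2, `$row['secret_question'] == ''` and `$row['secret_answer'] == ''`, remain loose on the same line whose hash comparison was just made strict; if those columns can be NULL, `==` is doing real work there (`null == ''` is true), so converting them needs a cast, e.g. `(string) $row['secret_answer'] === ''`, or an explicit null check, plus a short comment stating which case is intended. action_secret2's body starts outside the hunk and continues past it.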