Commit
Password comparison should not be done with the `==` operator, but `===`, due to type juggling.

References:

* http://phpsadness.com/sad/47
* turbochaos.blogspot.fr/2013/08/exploiting-exotic-bugs-php-type-juggling.html

### Test case

* Create an administrator with the password "240610708".
* Try to login to the dashboard with the password "QNKCDZO" :-)
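The test case in the commit message, as an added example that is not code from this commit or project: the same two passwords checked with loose, strict and constant-time comparison. It assumes the stored credential is an unsalted hex MD5 digest (the commit message does not name the hash function); the function names are hypothetical.

```php
<?php
// Added illustration, not the project's code.
// Assumption: passwords are stored as unsalted hex MD5 digests.

// Loose comparison: when both operands are numeric-looking strings
// (for example "0e" followed only by digits), PHP compares them as
// numbers, so two different digests of that shape are treated as equal.
function check_loose(string $stored, string $password): bool
{
    return $stored == md5($password);
}

// Strict comparison, as the commit proposes: no type juggling,
// the two strings must match byte for byte.
function check_strict(string $stored, string $password): bool
{
    return $stored === md5($password);
}

// hash_equals() is also a strict string comparison and, in addition,
// takes the same time wherever the first mismatch occurs.
function check_constant_time(string $stored, string $password): bool
{
    return hash_equals($stored, md5($password));
}

// Administrator password from the commit's test case.
$stored = md5('240610708');

// The two passwords from the test case plus a constructed wrong one.
foreach (['240610708', 'QNKCDZO', 'wrong-password'] as $attempt) {
    printf(
        "%-16s loose=%-5s strict=%-5s hash_equals=%s\n",
        $attempt,
        var_export(check_loose($stored, $attempt), true),
        var_export(check_strict($stored, $attempt), true),
        var_export(check_constant_time($stored, $attempt), true)
    );
}
```

For stored passwords in general, `password_hash()` and `password_verify()` avoid the problem entirely, since the verification never goes through a comparison operator in application code.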