From cc503e2c3e0164cd7f66fb0efa0fc3ea0a84318c Mon Sep 17 00:00:00 2001
From: ncnxc <44329247+ncnxc@users.noreply.github.com>
Date: Sun, 21 Oct 2018 16:39:28 +0300
Subject: [PATCH] Strengthen CSRF validation.

---
 src/session_interface.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/session_interface.cpp b/src/session_interface.cpp
index 89419ab5..9e5aba92 100644
--- a/src/session_interface.cpp
+++ b/src/session_interface.cpp
@@ -112,7 +112,7 @@ void session_interface::request_origin_validation_is_required(bool v)
 bool session_interface::validate_csrf_token(std::string const &token)
 {
 std::string session_token = get("_csrf","");
- return session_token.empty() || session_token == token;
+ return !session_token.empty() && !token.empty() && session_token == token;
 }

 void session_interface::validate_request_origin()
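Review bot: The new return in validate_csrf_token still compares the secret with `session_token == token`, and std::string equality may stop at the first differing byte, so the comparison time can depend on how much of the submitted token is correct. A length check followed by a loop that accumulates differences removes that dependence; it also makes the `!token.empty()` test unnecessary, since a non-empty session token can only equal a non-empty token. The function now fails closed when the session holds no `_csrf` value, which deserves a one-line comment. Callers that relied on the old pass-through for sessions without a token are outside the hunk and should be checked.

```cpp
	std::string session_token = get("_csrf","");
	// Fail closed: a missing stored token or a length mismatch never validates.
	if(session_token.empty() || session_token.size() != token.size())
		return false;
	// Accumulate differences so timing does not depend on where the strings diverge.
	unsigned char diff = 0;
	for(size_t i = 0; i < session_token.size(); i++)
		diff |= static_cast<unsigned char>(session_token[i] ^ token[i]);
	return diff == 0;
```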