Default to `null` for lostpassword

We oC 8 we use the `StringUtils::equals` method which will also verify the type, since we don't anylonger hash the token twice this is required in case somebody is able to invoke this route with an empty `$token`.
10 years ago · 35afb0d22e
parent a3067b3b9f
commit 35afb0d22e
1 changed files with 1 additions and 1 deletions
--- a/core/lostpassword/controller/lostcontroller.php
+++ b/core/lostpassword/controller/lostcontroller.php
@ -148,7 +148,7 @@ class LostController extends Controller {
 		try {
 			$user = $this->userManager->get($userId);

-			if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword'), $token)) {
+			if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword', null), $token)) {
 				throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 			}