I’ve been seeing a few E_WARNINGS in my logs around function validate_csrf. Perhaps $_SESSION['csrf_token']
needs to be checked first for NULL, something like:
function validate_csrf($csrf_token) {
    if (!isset($_SESSION['csrf_token']) || !$_SESSION['csrf_token']) { return false; }
    return isset($csrf_token) && hash_equals($_SESSION['csrf_token'], $csrf_token);
}
Event Log:
E_WARNING (2) include/functions.php:266 hash_equals(): Expected known_string to be a string, null given
- include/functions.php(266): hash_equals(, a6454a029f10634bdc0efabc78c3195f)
- backend.php(107): validate_csrf(a6454a029f10634bdc0efabc78c3195f)
IP: {removed}
Request URI: /tt-rss/backend.php
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
7:43
E_USER_NOTICE (1024) :0 Update process for feed 414 (feedname1, owner UID: 2) failed with exit code: 100 (LibXML error 76 at line 47 (column 10): Opening and ending tag mismatch: meta line 6 and head ).
7:17
E_USER_NOTICE (1024) :0 Update process for feed 258 (feedname2, owner UID: 2) failed with exit code: 100 (; 7 Failed to connect to website.com port 443: Connection timed out).
6:32
Versions:
tt-rss: Tiny Tiny RSS vUNKNOWN (Unsupported) (because didn’t use git? downloaded on Sep 28)
PHP: 7.3.22
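
The guard proposed in the post above, extended to type-check both operands, as an added example that is not part of the original post and is not tt-rss code. The name validate_csrf_strict, the session array passed as a parameter, and the sample values are assumptions made so the script runs stand-alone from the PHP CLI.

```php
<?php
// Added example; not tt-rss code. validate_csrf_strict() is a hypothetical name.
// The session array is passed in so the script runs without session_start().
function validate_csrf_strict(array $session, $submitted): bool {
    $known = $session['csrf_token'] ?? null;

    // No token issued for this session (for example, the session expired): fail closed.
    // The empty-string check matters because hash_equals('', '') is true.
    if (!is_string($known) || $known === '') {
        return false;
    }
    // Request parameters can arrive as arrays (csrf_token[]=...), so check the type.
    // On PHP 7 a non-string operand raises E_WARNING; on PHP 8 it throws TypeError.
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    // Both operands are non-empty strings here; the comparison is constant-time.
    return hash_equals($known, $submitted);
}

// Constructed sample values.
$token = bin2hex(random_bytes(16));
$cases = [
    'session has no token'   => [[], $token],
    'session token is null'  => [['csrf_token' => null], $token],
    'session token is empty' => [['csrf_token' => ''], ''],
    'submitted as array'     => [['csrf_token' => $token], [$token]],
    'submitted missing'      => [['csrf_token' => $token], null],
    'mismatch'               => [['csrf_token' => $token], str_repeat('0', 32)],
    'match'                  => [['csrf_token' => $token], $token],
];

foreach ($cases as $label => [$session, $submitted]) {
    $result = validate_csrf_strict($session, $submitted) ? 'accepted' : 'rejected';
    printf("%-24s %s\n", $label, $result);
}
```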