From 8133adeab84cd7e845fb01f5bd9b08d2c3af927e Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Sat, 3 May 2014 14:19:24 +0100
Subject: [PATCH] !isset($_REQUEST["csrf"]) is extra fail cond
---
 lib/headers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/headers.php b/lib/headers.php
index 8041c2f..3834271 100644
--- a/lib/headers.php
+++ b/lib/headers.php
@@ -7,7 +7,7 @@ if (!isset($_SESSION["csrf"])) {
 $_SESSION["csrf"] = md5(uniqid(mt_rand(), true));
 }
-if (($_GET || $_POST) && $_REQUEST["csrf"] !== $_SESSION["csrf"]) {
+if (($_GET || $_POST) && (!isset($_REQUEST["csrf"]) || $_REQUEST["csrf"] !== $_SESSION["csrf"])) {
 die("Bad CSRF token. Please report the error info at https://github.com/mattpass/ICEcoder so it can be fixed.

CSRF issue:
REQUEST: ".$_REQUEST["csrf"]."
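Review bot: The die() message that begins on the context line after the changed `if` echoes `$_REQUEST["csrf"]` straight into the response (the `REQUEST: ".$_REQUEST["csrf"]."` line), and the new `!isset($_REQUEST["csrf"])` branch now routes token-less requests to that line, so it raises an undefined-index notice on exactly the path this commit adds. The reflected value is also attacker-supplied and unescaped, which turns the error page into a reflected-XSS sink for any GET or POST that carries a bogus token. I would resolve the value first, `$shownToken = isset($_REQUEST["csrf"]) ? htmlspecialchars($_REQUEST["csrf"], ENT_QUOTES, "UTF-8") : "(none)";`, and interpolate `$shownToken` in the message instead of the raw superglobal. The `if` block and the die() string continue past the end of this hunk. Separately, the session token two lines up is derived from `md5(uniqid(mt_rand(), true))`, which is not a cryptographic source; a CSPRNG-backed value (`openssl_random_pseudo_bytes` on the PHP of this era, `random_bytes` on 7+) would be the defensible choice, though that line is untouched by this commit.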