BugTrack2/236: If you compare two numerical strings, they are compared as integers

diff --git a/plugin/attach.inc.php b/plugin/attach.inc.php
index bdbcb75..cc09475 100644 (file)
--- a/plugin/attach.inc.php
+++ b/plugin/attach.inc.php
@@ -617,7 +617,7 @@ EOD;
                        if (PLUGIN_ATTACH_DELETE_ADMIN_ONLY || $this->age) {
                                return attach_info('err_adminpass');
                        } else if (PLUGIN_ATTACH_PASSWORD_REQUIRE &&
-                               md5($pass) != $this->status['pass']) {
+                               md5($pass) !== $this->status['pass']) {
                                return attach_info('err_password');
                        }
                }
@@ -669,7 +669,7 @@ EOD;
                        if (PLUGIN_ATTACH_DELETE_ADMIN_ONLY || $this->age) {
                                return attach_info('err_adminpass');
                        } else if (PLUGIN_ATTACH_PASSWORD_REQUIRE &&
-                               md5($pass) != $this->status['pass']) {
+                               md5($pass) !== $this->status['pass']) {
                                return attach_info('err_password');
                        }
                }

diff --git a/plugin/pcomment.inc.php b/plugin/pcomment.inc.php
index 6dadab0..ee1153f 100644 (file)
--- a/plugin/pcomment.inc.php
+++ b/plugin/pcomment.inc.php
@@ -230,7 +230,7 @@ function plugin_pcomment_insert()
                        while ($end_position < $count) {
                                $matches = array();
                                if (preg_match('/^(\-{1,2})(?!\-)(.*)$/', $postdata[$end_position++], $matches)
-                                       && md5($matches[2]) == $reply_hash)
+                                       && md5($matches[2]) === $reply_hash)
                                {
                                        $b_reply = TRUE;
                                        $level   = strlen($matches[1]) + 1;