!isset($_REQUEST["csrf"]) is extra fail cond

mattpass · mattpass · commit 8133adeab84c · 2014-05-03T14:19:24.000+01:00
diff --git a/lib/headers.php b/lib/headers.php
@@ -7,7 +7,7 @@
 	$_SESSION["csrf"] = md5(uniqid(mt_rand(), true));	
 }
 
-if (($_GET || $_POST) && $_REQUEST["csrf"] !== $_SESSION["csrf"]) {
+if (($_GET || $_POST) && (!isset($_REQUEST["csrf"]) || $_REQUEST["csrf"] !== $_SESSION["csrf"])) {
 	die("Bad CSRF token. Please report the error info at https://github.com/mattpass/ICEcoder so it can be fixed.<br><br>
 		CSRF issue:<br>
 		REQUEST: ".$_REQUEST["csrf"]."<br>

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`$_SESSION["csrf"] = md5(uniqid(mt_rand(), true));`
`8`	`8`	`}`
`9`	`9`
`10`		`-if (($_GET \|\| $_POST) && $_REQUEST["csrf"] !== $_SESSION["csrf"]) {`
	`10`	`+if (($_GET \|\| $_POST) && (!isset($_REQUEST["csrf"]) \|\| $_REQUEST["csrf"] !== $_SESSION["csrf"])) {`
`11`	`11`	`die("Bad CSRF token. Please report the error info at https://github.com/mattpass/ICEcoder so it can be fixed.<br><br>`
`12`	`12`	`CSRF issue:<br>`
`13`	`13`	`REQUEST: ".$_REQUEST["csrf"]."<br>`