From 08404a55c014e3bfbf209d43ff02da2c62341366 Mon Sep 17 00:00:00 2001
From: nielsvangijzen <n.van.gijzen@gmail.com>
Date: Fri, 29 Nov 2019 09:58:46 +0100
Subject: [PATCH] Addressed comments made by @puck42

---
 inc/csrf_tokens.php       | 2 +-
 inc/ui/principal-edit.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/csrf_tokens.php b/inc/csrf_tokens.php
index c515c269..9d05ec4e 100644
--- a/inc/csrf_tokens.php
+++ b/inc/csrf_tokens.php
@@ -107,7 +107,7 @@ function verifyCsrf($csrf_token) {
         return hash_equals($current_csrf, $csrf_token);
     }
 
-    return false;
+    return $current_csrf === $csrf_token;
 }
 
 /**
diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php
index ca14d370..6646b7c2 100644
--- a/inc/ui/principal-edit.php
+++ b/inc/ui/principal-edit.php
@@ -245,7 +245,7 @@ function principal_editor() {
       $c->messages[] = i18n("Updating Principal record.");
     }
     $editor->Write();
-      if ( $_POST['type_id'] != 3 && $editor->IsCreate() ) {
+    if ( $_POST['type_id'] != 3 && $editor->IsCreate() ) {
       /** We only add the default calendar if it isn't a group, and this is a create action */
       require_once('auth-functions.php');
       CreateHomeCollections($editor->Value('username'));