get can return the empty string, check for that.

While the credential checks were correctly failing when salt was the empty string, it was giving confusing i.e., no log messages.
2026-01-27 00:33:34 +00:00 · 2022-12-19 23:06:04 +13:00 · 2022-12-19 23:06:04 +13:00 · ee26ee730f
commit ee26ee730f
parent 0b709c791d
1 changed files with 1 additions and 1 deletions
--- a/inc/HTTPAuthSession.php
+++ b/inc/HTTPAuthSession.php
@ -458,7 +458,7 @@ class HTTPAuthSession {

    $salt = $cache->get($cache_ns, 'salt');

-    if (isset($salt)) {
+    if (isset($salt) && $salt != '') {
      $sha1_sent = session_salted_sha1($password, $salt);
      $cached_credentials = $cache->get($cache_ns, $sha1_sent);