From ee26ee730f4b78c20b232ed1c58e8e678ff41c2f Mon Sep 17 00:00:00 2001
From: Andrew Ruthven <andrew@etc.gen.nz>
Date: Mon, 19 Dec 2022 23:06:04 +1300
Subject: [PATCH] get can return the empty string, check for that.

While the credential checks were correctly failing when salt was the
empty string, it was giving confusing i.e., no log messages.
---
 inc/HTTPAuthSession.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/HTTPAuthSession.php b/inc/HTTPAuthSession.php
index c2768b55..e5ec3cbb 100644
--- a/inc/HTTPAuthSession.php
+++ b/inc/HTTPAuthSession.php
@@ -458,7 +458,7 @@ class HTTPAuthSession {
 
     $salt = $cache->get($cache_ns, 'salt');
 
-    if (isset($salt)) {
+    if (isset($salt) && $salt != '') {
       $sha1_sent = session_salted_sha1($password, $salt);
       $cached_credentials = $cache->get($cache_ns, $sha1_sent);