From 727e9cdb9473f7d4a445e9a5e2bcceab220060bf Mon Sep 17 00:00:00 2001
From: Norbert Micheel
Date: Mon, 26 Aug 2024 16:57:04 +0200
Subject: [PATCH] Fix empty secret Problem #110 (#104)
---
 lib/Maintenance.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/Maintenance.php b/lib/Maintenance.php
index d6378be..e660cce 100644
--- a/lib/Maintenance.php
+++ b/lib/Maintenance.php
@@ -42,7 +42,7 @@ public function checkUrl(string $url): ?bool
 }
 return null;
 }
-
+
 /** @api */
 public function checkIp(string $ip): ?bool
 {
@@ -104,17 +104,17 @@ public static function isYrewriteDomainAllowed(): bool
 public static function isSecretAllowed(): bool
 {
 $addon = rex_addon::get('maintenance');
+ $config_secret = strval($addon->getConfig('maintenance_secret'));
 // Bereits mit richtigem Secret eingeloggt
- if (rex_session('maintenance_secret', 'string', '') !== '' && rex_session('maintenance_secret', 'string', '') === strval($addon->getConfig('maintenance_secret'))) { // @phpstan-ignore-line
+ if ($config_secret != '' && rex_session('maintenance_secret', 'string', '') === $config_secret) { // @phpstan-ignore-line
 return true;
 }
 $maintenance_secret = rex_request('maintenance_secret', 'string', '');
 $authentification_mode = $addon->getConfig('authentification_mode');
- $config_secret = strval($addon->getConfig('maintenance_secret'));
- if (($authentification_mode === 'URL' || $authentification_mode === 'password') && $maintenance_secret === $config_secret && rex_session('maintenance_secret', 'string', '') !== '') {
+ if (($authentification_mode === 'URL' || $authentification_mode === 'password') && $config_secret != '' && $maintenance_secret === $config_secret) {
 rex_set_session('maintenance_secret', $maintenance_secret);
 return true;
 }
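Review bot: The request-supplied `$maintenance_secret` is still compared to the configured secret with `===` in the second `if` of isSecretAllowed, which is not a constant-time comparison and may let response timing reveal how much of a guess matches. Since this commit is already tightening the secret check, that condition could end in `$config_secret !== '' && hash_equals($config_secret, $maintenance_secret)`, which also replaces the loose `!=` with a strict comparison. The first `if` uses the same `!=` against `''` and would read more consistently with the rest of the method as `$config_secret !== ''`. isSecretAllowed's body continues past the end of this hunk, so the fall-through return is not visible here.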
@@ -207,7 +207,7 @@ public static function checkFrontend(): void
 public static function checkBackend(): void
 {
 $addon = rex_addon::get('maintenance');
-
+
 if (rex::getUser() instanceof rex_user && !rex::getUser()->isAdmin() && !rex::getImpersonator()) {
 if (strval($addon->getConfig('redirect_backend_to_url'))) { // @phpstan-ignore-line
 rex_response::sendRedirect(strval($addon->getConfig('redirect_backend_to_url'))); // @phpstan-ignore-line