From e6de2a55216d81b0a77611fad65eee5a51b3cb0a Mon Sep 17 00:00:00 2001
From: Samuel Georges
Date: Thu, 2 Nov 2017 19:52:54 +1100
Subject: [PATCH] Fixes exception on empty token
---
 modules/backend/classes/Controller.php | 4 ++++
 modules/cms/classes/Controller.php | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/modules/backend/classes/Controller.php b/modules/backend/classes/Controller.php
index cabaefd3d..ddee7a36a 100644
--- a/modules/backend/classes/Controller.php
+++ b/modules/backend/classes/Controller.php
@@ -691,6 +691,10 @@ class Controller extends Extendable
 $token = Request::input('_token') ?: Request::header('X-CSRF-TOKEN');
+ if (!strlen($token)) {
+ return false;
+ }
+
 return hash_equals(
 Session::token(),
 $token
diff --git a/modules/cms/classes/Controller.php b/modules/cms/classes/Controller.php
index 971da3f41..dc67dce66 100644
--- a/modules/cms/classes/Controller.php
+++ b/modules/cms/classes/Controller.php
@@ -1379,6 +1379,10 @@ class Controller
 $token = Request::input('_token') ?: Request::header('X-CSRF-TOKEN');
+ if (!strlen($token)) {
+ return false;
+ }
+
 return hash_equals(
 Session::token(),
 $token
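Review bot: The new `strlen($token)` guard in both hunks assumes `$token` is a string, but `Request::input('_token')` can return an array when the request carries one, so a non-string `_token` would still reach `strlen()` and raise instead of failing verification cleanly (a warning on older PHP, a TypeError on PHP 8). I would tighten the guard to `if (!is_string($token) || $token === '') { return false; }` here and in the identical hunk for modules/cms/classes/Controller.php. It is probably also worth confirming that `Session::token()` cannot be null at this point, since `hash_equals()` requires a string on both sides; that cannot be determined from the lines shown. The enclosing method starts and ends outside both hunks.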