From fff4394ca77cd0d48cd416306b01f9217de11be4 Mon Sep 17 00:00:00 2001
From: Mrten <bugzilla@ii.nl>
Date: Fri, 27 Sep 2013 11:34:51 +0200
Subject: [PATCH] First test for parameter, then use it

One should test if a parameter exists before using it instead of letting the PHP auto-type conversion magic have its way with it.
---
 ykksm-decrypt.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ykksm-decrypt.php b/ykksm-decrypt.php
index e9433ba..2d9d1e4 100644
--- a/ykksm-decrypt.php
+++ b/ykksm-decrypt.php
@@ -34,11 +34,11 @@ require_once 'ykksm-utils.php';
 openlog("ykksm", LOG_PID, $logfacility)
   or die("ERR Syslog open error\n");
 
-$otp = $_REQUEST["otp"];
-if (!$otp) {
+if (!isset($_REQUEST["otp"])) {
   syslog(LOG_INFO, "No OTP provided");
-  die("ERR No OTP provided\n");
+  die("ERR Invalid OTP format\n");
  }
+$otp = $_REQUEST["otp"];
 
 if (!preg_match("/^([cbdefghijklnrtuv]{0,16})([cbdefghijklnrtuv]{32})$/",
 		$otp, $matches)) {