From 714d6c91176b56bebc904b8a8fe2d0ac23c54211 Mon Sep 17 00:00:00 2001
From: Jean Paul Galea <jeanpaul@yubico.com>
Date: Mon, 18 Apr 2016 16:10:42 +0200
Subject: [PATCH] Avoid ambiguity with client id.

- getHttpVal always returns a string,
	so always treat $client as a string in other checks.
---
 ykval-verify.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ykval-verify.php b/ykval-verify.php
index 5eb230f..c4b7216 100644
--- a/ykval-verify.php
+++ b/ykval-verify.php
@@ -99,7 +99,7 @@ $myLog->log(LOG_DEBUG, "found protocol version $protocol_version");
  * Extract values from HTTP request
  */
 $h = getHttpVal('h', '');
-$client = getHttpVal('id', 0);
+$client = getHttpVal('id', '0');
 $timestamp = getHttpVal('timestamp', 0);
 $otp = getHttpVal('otp', '');
 
@@ -113,7 +113,7 @@ if (preg_match('/^[jxe.uidchtnbpygk]+$/', $otp))
 }
 
 $myLog->request->set('signed', ($h === '' ? '-' : 'signed'));
-$myLog->request->set('client', ($client === 0 ? NULL : $client));
+$myLog->request->set('client', ($client === '0' ? '-' : $client));
 $myLog->request->set('otp', $otp);
 
 
@@ -214,7 +214,7 @@ if (preg_match("/^[0-9]+$/", $client) == 0)
 	$myLog->log(LOG_NOTICE, 'id provided in request must be an integer');
 	sendResp(S_MISSING_PARAMETER, $myLog);
 }
-if ($client <= 0)
+if ($client === '0')
 {
 	$myLog->log(LOG_NOTICE, 'Client ID is missing');
 	sendResp(S_MISSING_PARAMETER, $myLog);