Default to `null` for lostpassword
authorLukas Reschke <lukas@owncloud.com>
Sun, 1 Feb 2015 16:07:10 +0000 (17:07 +0100)
committerLukas Reschke <lukas@owncloud.com>
Sun, 1 Feb 2015 16:07:10 +0000 (17:07 +0100)
With oC 8 we use the `StringUtils::equals` method, which also verifies the type. Since we no longer hash the token twice, this is required in case somebody is able to invoke this route with an empty `$token`.

core/lostpassword/controller/lostcontroller.php

index aee4001ed37057acbcf5cc230122c9fa0a4054a6..5297e9a9a2a4a60951d11086c40e5edce0248df4 100644 (file)
@@ -148,7 +148,7 @@ class LostController extends Controller {
                try {
                        $user = $this->userManager->get($userId);
 
-                       if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword'), $token)) {
+                       if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword', null), $token)) {
                                throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
                        }
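Review bot: The token check on the changed line is now only safe if `StringUtils::equals` returns false for a non-string argument, and that helper is not visible in this hunk, so the guarantee is implicit. Nothing on the line records why the default has to be `null`, and a later cleanup could revert it to an empty-string default and reopen the empty-`$token` match. I would add a comment above the `if`, such as `// Default must be null, not '': an empty $token must never match a user who has no pending reset token`. An explicit guard before the comparison, e.g. `if (!is_string($token) || $token === '') { throw new \Exception(...); }`, would stop the check depending on the helper's internals. A regression test that calls this route with an empty token for a user without a stored `lostpassword` value would pin the behaviour; the enclosing method starts and ends outside the hunk, so any earlier validation of `$token` cannot be confirmed from here.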