X-Git-Url: https://git.dogcows.com/gitweb?p=chaz%2Fp5-CGI-Ex;a=blobdiff_plain;f=lib%2FCGI%2FEx%2FAuth.pm;h=33e2a30e03454a1ad97df80b45f0237fd054481e;hp=2dd895debd86b62410bf600898e4792b1fa41ebd;hb=490b94ab4051adf93abf16a4ed34efb923d6e8fc;hpb=ad1be93dffb2b25223fb93cbe2a7d349c6b5c127

diff --git a/lib/CGI/Ex/Auth.pm b/lib/CGI/Ex/Auth.pm
index 2dd895d..33e2a30 100644
--- a/lib/CGI/Ex/Auth.pm
+++ b/lib/CGI/Ex/Auth.pm
@@ -18,7 +18,7 @@ use MIME::Base64 qw(encode_base64 decode_base64);
 use Digest::MD5 qw(md5_hex);
 use CGI::Ex;
 
-$VERSION = '2.21';
+$VERSION = '2.22';
 
 ###----------------------------------------------------------------###
 
@@ -74,6 +74,7 @@ sub get_valid_auth {
         next if ! defined $hash->{$key};
         last if ! $is_form && $had_form_data;  # if form info was passed in - we must use it only
         $had_form_data = 1 if $is_form;
+        next if ! length $hash->{$key};
 
         ### if it looks like a bare username (as in they didn't have javascript) - add in other items
         my $data;
@@ -403,7 +404,7 @@ sub login_hash_common {
 sub verify_token {
     my $self  = shift;
     my $args  = shift;
-    my $token = delete $args->{'token'} || die "Missing token";
+    my $token = delete $args->{'token'}; die "Missing token" if ! length $token;
     my $data  = $self->new_auth_data({token => $token, %$args});
     my $meth;