minor enhancements: bug fixes

Author: mebjas

js/csrfprotector.js

@@ -261,7 +261,7 @@ function csrfprotector_init() {
 			if (data !== null && typeof data === 'object') {
 				data.append(CSRFP.CSRFP_TOKEN, CSRFP._getAuthKey());
 			} else {
-				if (data !== "") {
+				if (typeof data != "undefined") {
 					data += "&";
 				} else {
 					data = "";

libs/csrf/csrfprotector.php

@@ -137,7 +137,9 @@ public static function init($length = null, $action = null)
 
 			if (!isset($_COOKIE[self::$config['CSRFP_TOKEN']])
 				|| !isset($_SESSION[self::$config['CSRFP_TOKEN']])
-				|| !is_array($_SESSION[self::$config['CSRFP_TOKEN']]))
+				|| !is_array($_SESSION[self::$config['CSRFP_TOKEN']])
+				|| !in_array($_COOKIE[self::$config['CSRFP_TOKEN']],
+					$_SESSION[self::$config['CSRFP_TOKEN']]))
 				self::refreshToken();
 
 			// Set protected by CSRF Protector header