From c2b7e4d6c212f3231e447988e1bcf69d6590e85b Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 16 Jun 2020 15:22:20 +0200
Subject: [PATCH] check for $_POST['logininfo'/'action']

---
 op/op.Login.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/op/op.Login.php b/op/op.Login.php
index 88b4af57c..21c6ba730 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -86,12 +86,13 @@ else if (isset($_GET["referuri"]) && strlen($_GET["referuri"])>0) {
 add_log_line();
 
 $controller->setParam('login', $login);
-$controller->setParam('logininfo', $_POST['logininfo'] ? $_POST['logininfo'] : '');
+$controller->setParam('logininfo', !empty($_POST['logininfo']) ? $_POST['logininfo'] : '');
 $controller->setParam('pwd', $pwd);
 $controller->setParam('lang', $lang);
 $controller->setParam('sesstheme', $sesstheme);
 $controller->setParam('session', $session);
-switch($_POST['action']) {
+$action = !empty($_POST['action']) ? $_POST['action'] : '';
+switch($action) {
 case 'preparelogin':
 	$controller->preparelogin();
 	exit();