check whether $result is a string

stream_get_contents() might return false, and we should not implicitly
convert that to a string

diff --git a/lib/Auth/Source/FSFDrupalAuth.php b/lib/Auth/Source/FSFDrupalAuth.php
index 617788e3c1a9c2c1616fc4675c107ca0a7e69019..dc3373e463a5b5cc116779c2f11723427fa63199 100644 (file)
--- a/lib/Auth/Source/FSFDrupalAuth.php
+++ b/lib/Auth/Source/FSFDrupalAuth.php
@@ -179,7 +179,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
                 $errors_found_yet = true;
             }
     
-            return (!$errors_found_yet && rtrim($result) == "true");
+            return (!$errors_found_yet && is_string($result) && rtrim($result) == "true");
 
         } else {