mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-02 13:47:55 +02:00
Code Issues Releases Wiki Activity

Merge pull request #3680 from marc1706/ticket/13917

Browse Source 
[ticket/13917] Use hash_equals() if possible in password driver helper
This commit is contained in:
Tristan Darricau 2015-06-06 11:45:22 +02:00
commit bed8df20d2
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
phpBB/phpbb/passwords/driver/helper.php
View File

@ -153,11 +153,23 @@ class helper
*/
public function string_compare($string_a, $string_b)
{
$difference = strlen($string_a) != strlen($string_b);
// Return if input variables are not strings or if length does not match
if (!is_string($string_a) || !is_string($string_b) || strlen($string_a) != strlen($string_b))
{
return false;
}
// Use hash_equals() if it's available
if (function_exists('hash_equals'))
{
return hash_equals($string_a, $string_b);
}
$difference = 0;
for ($i = 0; $i < strlen($string_a) && $i < strlen($string_b); $i++)
{
$difference |= $string_a[$i] != $string_b[$i];
$difference |= ord($string_a[$i]) ^ ord($string_b[$i]);
}
return $difference === 0;