ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-01 16:33:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #290 from sarciszewski/patch-1

Browse Source 
Remove side-effects in hash_equals()
This commit is contained in:
Alex Bilbie 2015-01-01 12:52:03 +00:00
commit 19b64c2e65
1 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/TokenType/MAC.php
View File

@ -128,22 +128,18 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
*/ */
private function hash_equals($knownString, $userString) private function hash_equals($knownString, $userString)
{ {
if (!function_exists('hash_equals')) { if (function_exists('\hash_equals')) {
function hash_equals($knownString, $userString) return \hash_equals($knownString, $userString);
{
if (strlen($knownString) !== strlen($userString)) {
return false;
}
$len = strlen($knownString);
$result = 0;
for ($i = 0; $i < $len; $i++) {
$result |= (ord($knownString[$i]) ^ ord($userString[$i]));
}
// They are only identical strings if $result is exactly 0...
return 0 === $result;
}
} }
if (strlen($knownString) !== strlen($userString)) {
return hash_equals($knownString, $userString); return false;
}
$len = strlen($knownString);
$result = 0;
for ($i = 0; $i < $len; $i++) {
$result |= (ord($knownString[$i]) ^ ord($userString[$i]));
}
// They are only identical strings if $result is exactly 0...
return 0 === $result;
} }
} }