Remove side-effects in hash_equals()

This is functionally identical, but without the side-effect of defining a function in the current namespace. Also, it uses absolute function reference (`\hash_equals` instead of `hash_equals`) because if someone defined `League\OAuth2\Server\TokenType\hash_equals()` elsewhere, it would try that first. Kudos for using `hash_equals()` in your original design for this feature. Many OAuth2 implementations neglect this nuance :)
2024-11-01 16:33:07 +05:30 · 2015-01-01 01:34:22 -05:00 · 2015-01-01 01:34:22 -05:00 · 612775466c
commit 612775466c
parent 740ea24e08
1 changed files with 12 additions and 16 deletions
--- a/src/TokenType/MAC.php
+++ b/src/TokenType/MAC.php
@ -128,22 +128,18 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
     */
    private function hash_equals($knownString, $userString)
    {
-        if (!function_exists('hash_equals')) {
-            function hash_equals($knownString, $userString)
-            {
-                if (strlen($knownString) !== strlen($userString)) {
-                    return false;
-                }
-                $len = strlen($knownString);
-                $result = 0;
-                for ($i = 0; $i < $len; $i++) {
-                    $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
-                }
-                // They are only identical strings if $result is exactly 0...
-                return 0 === $result;
-            }
+        if (function_exists('\hash_equals')) {
+            return \hash_equals($knownString, $userString);
        }
-
-        return hash_equals($knownString, $userString);
+        if (strlen($knownString) !== strlen($userString)) {
+            return false;
+        }
+        $len = strlen($knownString);
+        $result = 0;
+        for ($i = 0; $i < $len; $i++) {
+            $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
+        }
+        // They are only identical strings if $result is exactly 0...
+        return 0 === $result;
    }
 }