Remove side-effects in hash_equals()

This is functionally identical, but without the side-effect of defining a function in the current namespace.

Also, it uses an absolute function reference (`\hash_equals` instead of `hash_equals`) because if someone defined `League\OAuth2\Server\TokenType\hash_equals()` elsewhere, it would try that first.

Kudos for using `hash_equals()` in your original design for this feature. Many OAuth2 implementations neglect this nuance :)
Scott Arciszewski 2015-01-01 01:34:22 -05:00
parent 740ea24e08
commit 612775466c

@ -128,9 +128,9 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
*/
private function hash_equals($knownString, $userString)
{
if (!function_exists('hash_equals')) {
function hash_equals($knownString, $userString)
{
if (function_exists('\hash_equals')) {
return \hash_equals($knownString, $userString);
}
if (strlen($knownString) !== strlen($userString)) {
return false;
}
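Review bot: the leading backslash inside the string in `if (function_exists('\hash_equals'))` is unnecessary, because a function name passed as a string is not resolved against the current namespace. `function_exists('hash_equals')` is the conventional spelling and does not depend on how the runtime handles a leading backslash in that argument. The backslash is needed only on the call itself, `return \hash_equals($knownString, $userString);`, which is already correct. The docblock closing just above the method could also say that the native function is used when present and that the rest of the body is the fallback.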
@ -143,7 +143,3 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
return 0 === $result;
}
}
return hash_equals($knownString, $userString);
}
}
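Review bot: the fallback comparison that ends at `return 0 === $result;` runs only when the native function is missing, so on any runtime that provides `\hash_equals` this branch is never exercised by the test suite. Consider moving the fallback loop into its own private method that this one calls after the `function_exists` check, so that a unit test can call it directly with equal strings, unequal strings and strings of different lengths, regardless of the PHP version in use.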