	Remove side-effects in hash_equals()
This is functionally identical, but without the side-effect of defining a function in the current namespace. Also, it uses an absolute function reference (`\hash_equals` instead of `hash_equals`) because if someone defined `League\OAuth2\Server\TokenType\hash_equals()` elsewhere, it would try that first. Kudos for using `hash_equals()` in your original design for this feature. Many OAuth2 implementations neglect this nuance :)
		| @@ -128,9 +128,9 @@ class MAC extends AbstractTokenType implements TokenTypeInterface | ||||
|      */ | ||||
|     private function hash_equals($knownString, $userString) | ||||
|     { | ||||
|         if (!function_exists('hash_equals')) { | ||||
|             function hash_equals($knownString, $userString) | ||||
|             { | ||||
|         if (function_exists('\hash_equals')) { | ||||
|             return \hash_equals($knownString, $userString); | ||||
|         } | ||||
|         if (strlen($knownString) !== strlen($userString)) { | ||||
|             return false; | ||||
|         } | ||||
| @@ -142,8 +142,4 @@ class MAC extends AbstractTokenType implements TokenTypeInterface | ||||
|         // They are only identical strings if $result is exactly 0... | ||||
|         return 0 === $result; | ||||
|     } | ||||
|         } | ||||
|  | ||||
|         return hash_equals($knownString, $userString); | ||||
|     } | ||||
| } | ||||
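Review bot: The polyfill path that follows the new `\hash_equals()` early return does not check that both arguments are strings, so on runtimes without the native function it can disagree with the native one, which rejects non-string input. A guard placed before the `strlen()` comparison would keep the two paths consistent: `if (!is_string($knownString) || !is_string($userString)) { return false; }`. The comparison loop between the two hunks is not visible here, so whether non-string values could produce a false match there is an assumption to confirm. As a smaller style point, the leading backslash inside `function_exists('\hash_equals')` is not needed, because a function name passed as a string is already looked up as a fully qualified name; `function_exists('hash_equals')` is the conventional spelling.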
|   | ||||