mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-10 07:22:11 +05:30
Merge pull request #290 from sarciszewski/patch-1
Remove side-effects in hash_equals()
This commit is contained in:
commit
19b64c2e65
@ -128,22 +128,18 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
|
|||||||
*/
|
*/
|
||||||
private function hash_equals($knownString, $userString)
|
private function hash_equals($knownString, $userString)
|
||||||
{
|
{
|
||||||
if (!function_exists('hash_equals')) {
|
if (function_exists('\hash_equals')) {
|
||||||
function hash_equals($knownString, $userString)
|
return \hash_equals($knownString, $userString);
|
||||||
{
|
|
||||||
if (strlen($knownString) !== strlen($userString)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$len = strlen($knownString);
|
|
||||||
$result = 0;
|
|
||||||
for ($i = 0; $i < $len; $i++) {
|
|
||||||
$result |= (ord($knownString[$i]) ^ ord($userString[$i]));
|
|
||||||
}
|
|
||||||
// They are only identical strings if $result is exactly 0...
|
|
||||||
return 0 === $result;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
if (strlen($knownString) !== strlen($userString)) {
|
||||||
return hash_equals($knownString, $userString);
|
return false;
|
||||||
|
}
|
||||||
|
$len = strlen($knownString);
|
||||||
|
$result = 0;
|
||||||
|
for ($i = 0; $i < $len; $i++) {
|
||||||
|
$result |= (ord($knownString[$i]) ^ ord($userString[$i]));
|
||||||
|
}
|
||||||
|
// They are only identical strings if $result is exactly 0...
|
||||||
|
return 0 === $result;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user