Merge pull request #290 from sarciszewski/patch-1

Remove side-effects in hash_equals()
2025-05-31 14:12:07 +05:30 · 2015-01-01 12:52:03 +00:00 · 2015-01-01 01:34:22 -05:00
1 changed files with 12 additions and 16 deletions
--- a/src/TokenType/MAC.php
+++ b/src/TokenType/MAC.php
@@ -128,22 +128,18 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
     */
    private function hash_equals($knownString, $userString)
    {
-        if (!function_exists('hash_equals')) {
-            function hash_equals($knownString, $userString)
-            {
-                if (strlen($knownString) !== strlen($userString)) {
-                    return false;
-                }
-                $len = strlen($knownString);
-                $result = 0;
-                for ($i = 0; $i < $len; $i++) {
-                    $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
-                }
-                // They are only identical strings if $result is exactly 0...
-                return 0 === $result;
-            }
+        if (function_exists('\hash_equals')) {
+            return \hash_equals($knownString, $userString);
        }
-
-        return hash_equals($knownString, $userString);
+        if (strlen($knownString) !== strlen($userString)) {
+            return false;
+        }
+        $len = strlen($knownString);
+        $result = 0;
+        for ($i = 0; $i < $len; $i++) {
+            $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
+        }
+        // They are only identical strings if $result is exactly 0...
+        return 0 === $result;
    }
 }