Merge pull request #290 from sarciszewski/patch-1

Remove side-effects in hash_equals()
2025-05-31 14:12:07 +05:30 · 2015-01-01 12:52:03 +00:00 · 2015-01-01 01:34:22 -05:00
1 changed files with 12 additions and 16 deletions
--- a/src/TokenType/MAC.php
+++ b/src/TokenType/MAC.php
@@ -128,9 +128,9 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
     */
    private function hash_equals($knownString, $userString)
    {
-        if (!function_exists('hash_equals')) {
+        if (function_exists('\hash_equals')) {
-            function hash_equals($knownString, $userString)
+            return \hash_equals($knownString, $userString);
-            {
+        }
        if (strlen($knownString) !== strlen($userString)) {
            return false;
        }
@@ -142,8 +142,4 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
        // They are only identical strings if $result is exactly 0...
        return 0 === $result;
    }
        }
        return hash_equals($knownString, $userString);
    }
 }