From 9fc01d26fc25e97049bad55e52ced4fc0e4d9ab9 Mon Sep 17 00:00:00 2001 From: Wing Date: Sat, 22 Feb 2014 13:37:18 +0800 Subject: [PATCH] use core StringUtils to compare hashes --- .../Http/RememberMe/TokenBasedRememberMeServices.php | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php index 571abbeeecaea..f3a39fe2f677c 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php @@ -17,6 +17,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\User\UserInterface; +use Symfony\Component\Security\Core\Util\StringUtils; /** * Concrete implementation of the RememberMeServicesInterface providing @@ -77,16 +78,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request) */ private function compareHashes($hash1, $hash2) { - if (strlen($hash1) !== $c = strlen($hash2)) { - return false; - } - - $result = 0; - for ($i = 0; $i < $c; $i++) { - $result |= ord($hash1[$i]) ^ ord($hash2[$i]); - } - - return 0 === $result; + return StringUtils::equals($hash1, $hash2); } /** pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy