8000 minor #10311 use core StringUtils to compare hashes (steelywing) · symfony/symfony@6d926c8 · GitHub
[go: up one dir, main page]

Skip to content

Commit 6d926c8

Browse files
committed
minor #10311 use core StringUtils to compare hashes (steelywing)
This PR was merged into the 2.5-dev branch. Discussion ---------- use core StringUtils to compare hashes | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | Commits ------- 9fc01d2 use core StringUtils to compare hashes
2 parents 79baf8d + 9fc01d2 commit 6d926c8

File tree

1 file changed

+2
-10
lines changed

1 file changed

+2
-10
lines changed

src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
1818
use Symfony\Component\Security\Core\Exception\AuthenticationException;
1919
use Symfony\Component\Security\Core\User\UserInterface;
20+
use Symfony\Component\Security\Core\Util\StringUtils;
2021

2122
/**
2223
* Concrete implementation of the RememberMeServicesInterface providing
@@ -77,16 +78,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
7778
*/
7879
private function compareHashes($hash1, $hash2)
7980
{
80-
if (strlen($hash1) !== $c = strlen($hash2)) {
81-
return false;
82-
}
83-
84-
$result = 0;
85-
for ($i = 0; $i < $c; $i++) {
86-
$result |= ord($hash1[$i]) ^ ord($hash2[$i]);
87-
}
88-
89-
return 0 === $result;
81+
return StringUtils::equals($hash1, $hash2);
9082
}
9183

9284
/**

0 commit comments

Comments
 (0)
0