diff options
| author | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2015-06-06 11:45:42 +0200 |
|---|---|---|
| committer | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2015-06-06 11:45:42 +0200 |
| commit | 12c793bcd1b35321c1a8b4478de8c55f65e2dfed (patch) | |
| tree | 8f3c4c7995539bbe221ab11a7e1e9d0f8cdd63f4 | |
| parent | b30c699900a88a5f4d1e346b64482c3acd23e001 (diff) | |
| parent | bed8df20d20ebc51046a0f6dde237ffc8f2ff67d (diff) | |
| download | forums-12c793bcd1b35321c1a8b4478de8c55f65e2dfed.tar forums-12c793bcd1b35321c1a8b4478de8c55f65e2dfed.tar.gz forums-12c793bcd1b35321c1a8b4478de8c55f65e2dfed.tar.bz2 forums-12c793bcd1b35321c1a8b4478de8c55f65e2dfed.tar.xz forums-12c793bcd1b35321c1a8b4478de8c55f65e2dfed.zip | |
Merge branch '3.1.x'
| -rw-r--r-- | phpBB/phpbb/passwords/driver/helper.php | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/phpBB/phpbb/passwords/driver/helper.php b/phpBB/phpbb/passwords/driver/helper.php index caa65080ac..f80c3e3df6 100644 --- a/phpBB/phpbb/passwords/driver/helper.php +++ b/phpBB/phpbb/passwords/driver/helper.php @@ -153,11 +153,23 @@ class helper */ public function string_compare($string_a, $string_b) { - $difference = strlen($string_a) != strlen($string_b); + // Return if input variables are not strings or if length does not match + if (!is_string($string_a) || !is_string($string_b) || strlen($string_a) != strlen($string_b)) + { + return false; + } + + // Use hash_equals() if it's available + if (function_exists('hash_equals')) + { + return hash_equals($string_a, $string_b); + } + + $difference = 0; for ($i = 0; $i < strlen($string_a) && $i < strlen($string_b); $i++) { - $difference |= $string_a[$i] != $string_b[$i]; + $difference |= ord($string_a[$i]) ^ ord($string_b[$i]); } return $difference === 0; |