diff options
| author | Nils Adermann <naderman@naderman.de> | 2014-10-22 16:57:50 -0400 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2014-10-22 16:57:50 -0400 |
| commit | fad280f94b97799cf12a636b65f7f2288e8b3640 (patch) | |
| tree | 821234d51023b240cb38a0e8a04194ec73e75a4c /phpBB/phpbb/passwords/driver/bcrypt.php | |
| parent | e43d1781bf17c9265f075dfc0cc38d807fe3b70e (diff) | |
| parent | cf9d1fbd1a7013f561a736b9fc2157b7f935b7d6 (diff) | |
| download | forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar.gz forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar.bz2 forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar.xz forums-fad280f94b97799cf12a636b65f7f2288e8b3640.zip | |
Merge pull request #3056 from marc1706/ticket/13203
[ticket/13203] Use constant time comparison method for comparing password hashes
Diffstat (limited to 'phpBB/phpbb/passwords/driver/bcrypt.php')
| -rw-r--r-- | phpBB/phpbb/passwords/driver/bcrypt.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/phpbb/passwords/driver/bcrypt.php b/phpBB/phpbb/passwords/driver/bcrypt.php index 23add37a56..eab1c3d569 100644 --- a/phpBB/phpbb/passwords/driver/bcrypt.php +++ b/phpBB/phpbb/passwords/driver/bcrypt.php @@ -68,7 +68,7 @@ class bcrypt extends base return false; } - if ($hash == $this->hash($password, $salt)) + if ($this->helper->string_compare($hash, $this->hash($password, $salt))) { return true; } |