diff options
| author | Nils Adermann <naderman@naderman.de> | 2014-10-22 16:57:50 -0400 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2014-10-22 16:57:50 -0400 |
| commit | fad280f94b97799cf12a636b65f7f2288e8b3640 (patch) | |
| tree | 821234d51023b240cb38a0e8a04194ec73e75a4c /phpBB/phpbb/passwords/driver/bcrypt_wcf2.php | |
| parent | e43d1781bf17c9265f075dfc0cc38d807fe3b70e (diff) | |
| parent | cf9d1fbd1a7013f561a736b9fc2157b7f935b7d6 (diff) | |
| download | forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar.gz forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar.bz2 forums-fad280f94b97799cf12a636b65f7f2288e8b3640.tar.xz forums-fad280f94b97799cf12a636b65f7f2288e8b3640.zip | |
Merge pull request #3056 from marc1706/ticket/13203
[ticket/13203] Use constant time comparison method for comparing password hashes
Diffstat (limited to 'phpBB/phpbb/passwords/driver/bcrypt_wcf2.php')
| -rw-r--r-- | phpBB/phpbb/passwords/driver/bcrypt_wcf2.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php index 2d6f897a7b..0eee98d7b7 100644 --- a/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php +++ b/phpBB/phpbb/passwords/driver/bcrypt_wcf2.php @@ -78,7 +78,7 @@ class bcrypt_wcf2 extends base return false; } // Works for standard WCF 2.x, i.e. WBB4 and similar - return $hash === $this->bcrypt->hash($this->bcrypt->hash($password, $salt), $salt); + return $this->helper->string_compare($hash, $this->bcrypt->hash($this->bcrypt->hash($password, $salt), $salt)); } } } |