diff options
| author | javiexin <javiexin@gmail.com> | 2015-07-09 20:02:39 +0200 |
|---|---|---|
| committer | javiexin <javiexin@gmail.com> | 2015-07-09 20:02:39 +0200 |
| commit | 054da801144c5e6f70a3c7fcd8244c38e2a1c619 (patch) | |
| tree | dbbdb2dcb9cea44e67a5d0122946167786c557fe /phpBB/phpbb/passwords | |
| parent | 558d604d83fd5ded2edc854a9944ad0d1188e2e5 (diff) | |
| parent | f576f42b4d3c607aee6b30154502adfed79301fb (diff) | |
| download | forums-054da801144c5e6f70a3c7fcd8244c38e2a1c619.tar forums-054da801144c5e6f70a3c7fcd8244c38e2a1c619.tar.gz forums-054da801144c5e6f70a3c7fcd8244c38e2a1c619.tar.bz2 forums-054da801144c5e6f70a3c7fcd8244c38e2a1c619.tar.xz forums-054da801144c5e6f70a3c7fcd8244c38e2a1c619.zip | |
Merge pull request #1 from phpbb/3.1.x
Bring version up to date 20150708
Diffstat (limited to 'phpBB/phpbb/passwords')
| -rw-r--r-- | phpBB/phpbb/passwords/driver/helper.php | 16 | ||||
| -rw-r--r-- | phpBB/phpbb/passwords/manager.php | 2 |
2 files changed, 15 insertions, 3 deletions
diff --git a/phpBB/phpbb/passwords/driver/helper.php b/phpBB/phpbb/passwords/driver/helper.php index caa65080ac..f80c3e3df6 100644 --- a/phpBB/phpbb/passwords/driver/helper.php +++ b/phpBB/phpbb/passwords/driver/helper.php @@ -153,11 +153,23 @@ class helper */ public function string_compare($string_a, $string_b) { - $difference = strlen($string_a) != strlen($string_b); + // Return if input variables are not strings or if length does not match + if (!is_string($string_a) || !is_string($string_b) || strlen($string_a) != strlen($string_b)) + { + return false; + } + + // Use hash_equals() if it's available + if (function_exists('hash_equals')) + { + return hash_equals($string_a, $string_b); + } + + $difference = 0; for ($i = 0; $i < strlen($string_a) && $i < strlen($string_b); $i++) { - $difference |= $string_a[$i] != $string_b[$i]; + $difference |= ord($string_a[$i]) ^ ord($string_b[$i]); } return $difference === 0; diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php index fbb49d86a0..aa9147ecf4 100644 --- a/phpBB/phpbb/passwords/manager.php +++ b/phpBB/phpbb/passwords/manager.php @@ -56,7 +56,7 @@ class manager * @param array $hashing_algorithms Hashing driver * service collection * @param \phpbb\passwords\helper $helper Passwords helper object - * @param string $defaults List of default driver types + * @param array $defaults List of default driver types */ public function __construct(\phpbb\config\config $config, $hashing_algorithms, helper $helper, $defaults) { |