From 0bc04a4df098da1fd8fe6e272ebf877ae15b7032 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 22 Oct 2014 14:54:55 -0500 Subject: [ticket/13203] Use string_compare method in passwords drivers PHPBB3-13203 --- phpBB/phpbb/passwords/driver/sha1_smf.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/passwords/driver/sha1_smf.php') diff --git a/phpBB/phpbb/passwords/driver/sha1_smf.php b/phpBB/phpbb/passwords/driver/sha1_smf.php index ec64bd6afb..b30d87265e 100644 --- a/phpBB/phpbb/passwords/driver/sha1_smf.php +++ b/phpBB/phpbb/passwords/driver/sha1_smf.php @@ -46,6 +46,6 @@ class sha1_smf extends base */ public function check($password, $hash, $user_row = array()) { - return (strlen($hash) == 40) ? $hash === $this->hash($password, $user_row) : false; + return (strlen($hash) == 40) ? $this->helper->string_compare($hash, $this->hash($password, $user_row)) : false; } } -- cgit v1.2.1