Look at bytes instead of characters.

Looking at characters can yield the wrong results when multibyte characters are encountered.
cakephp · Mar 23, 2015 · f7470f4 · f7470f4
1 parent d77a4c1
commit f7470f4
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Utility/Security.php b/src/Utility/Security.php
@@ -248,8 +248,8 @@ protected static function _constantEquals($hmac, $compare)
         if (function_exists('hash_equals')) {
             return hash_equals($hmac, $compare);
         }
-        $hashLength = mb_strlen($hmac, '8bit');
-        $compareLength = mb_strlen($compare, '8bit');
+        $hashLength = strlen($hmac);
+        $compareLength = strlen($compare);
         if ($hashLength !== $compareLength) {
             return false;
         }