From 9fc01d26fc25e97049bad55e52ced4fc0e4d9ab9 Mon Sep 17 00:00:00 2001
From: Wing
Date: Sat, 22 Feb 2014 13:37:18 +0800
Subject: [PATCH] use core StringUtils to compare hashes
---
 .../Http/RememberMe/TokenBasedRememberMeServices.php | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
index 571abbeeecae..f3a39fe2f677 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -17,6 +17,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\Util\StringUtils;
 
 /**
 * Concrete implementation of the RememberMeServicesInterface providing
@@ -77,16 +78,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
 */
 private function compareHashes($hash1, $hash2)
 {
- if (strlen($hash1) !== $c = strlen($hash2)) {
- return false;
- }
-
- $result = 0;
- for ($i = 0; $i < $c; $i++) {
- $result |= ord($hash1[$i]) ^ ord($hash2[$i]);
- }
-
- return 0 === $result;
+ return StringUtils::equals($hash1, $hash2);
 }
 
 /**
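Review bot: `StringUtils::equals()` is order-sensitive (its signature is `equals($knownString, $userInput)`), but `compareHashes($hash1, $hash2)` forwards its arguments positionally and nothing in the hunk says which one is the cookie-supplied hash. The removed loop treated both operands symmetrically, so this delegation quietly adds an ordering requirement for the caller. The call site is outside the hunk; please confirm it passes the server-computed hash first, or swap the forwarding to `return StringUtils::equals($hash2, $hash1);` if the cookie value arrives as `$hash1`. The docblock above `compareHashes` starts outside the hunk and should record the contract, e.g. `@param string $hash1 Expected hash computed by the server` and `@param string $hash2 Hash taken from the remember-me cookie`.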