Permalink
Browse files

Security: Renaming compareConstant to compare

  • Loading branch information...
1 parent 3b376e6 commit 0ac200f32106803d713d4f2c633e36b140cd689a @daschl daschl committed Dec 28, 2011
Showing with 7 additions and 7 deletions.
  1. +1 −1 security/Password.php
  2. +1 −1 storage/session/strategy/Hmac.php
  3. +4 −4 tests/cases/util/StringTest.php
  4. +1 −1 util/String.php
View
@@ -95,7 +95,7 @@ public static function hash($password, $salt = null) {
* @return boolean Returns a boolean indicating whether the password is correct.
*/
public static function check($password, $hash) {
- return String::compareConstant(crypt($password, $hash), $hash);
+ return String::compare(crypt($password, $hash), $hash);
}
/**
@@ -111,7 +111,7 @@ public function read($data, array $options = array()) {
$currentSignature = $currentData['__signature'];
$signature = static::_signature($currentData);
- if (!String::compareConstant($signature, $currentSignature)) {
+ if (!String::compare($signature, $currentSignature)) {
$message = "Possible data tampering: HMAC signature does not match data.";
throw new RuntimeException($message);
}
@@ -464,10 +464,10 @@ public function testHash() {
$this->assertEqual($expected, $result);
}
- public function testCompareConstant() {
- $this->assertTrue(String::compareConstant('Foo', 'Foo'));
- $this->assertFalse(String::compareConstant('Foo', 'foo'));
- $this->assertFalse(String::compareConstant('1', 1));
+ public function testCompare() {
+ $this->assertTrue(String::compare('Foo', 'Foo'));
+ $this->assertFalse(String::compare('Foo', 'foo'));
+ $this->assertFalse(String::compare('1', 1));
}
/**
View
@@ -193,7 +193,7 @@ public static function hash($string, array $options = array()) {
* @param string $right The right side of the comparison.
* @return boolean Returns a boolean indicating whether the two strings are equal.
*/
- public static function compareConstant($left, $right) {
+ public static function compare($left, $right) {
$result = true;
if (($length = strlen($left)) != strlen($right)) {

0 comments on commit 0ac200f

Please sign in to comment.