Skip to content
Permalink
Browse files

Look at bytes instead of characters.

Looking at characters can yield the wrong results when multibyte
characters are encountered.
  • Loading branch information...
markstory committed Mar 23, 2015
1 parent d77a4c1 commit f7470f46a9c8402e4bf6a1dfbd3a613945f1d8f5
Showing with 2 additions and 2 deletions.
  1. +2 −2 src/Utility/Security.php
@@ -248,8 +248,8 @@ protected static function _constantEquals($hmac, $compare)
if (function_exists('hash_equals')) {
return hash_equals($hmac, $compare);
}
$hashLength = mb_strlen($hmac, '8bit');
$compareLength = mb_strlen($compare, '8bit');
$hashLength = strlen($hmac);
$compareLength = strlen($compare);
if ($hashLength !== $compareLength) {
return false;
}

0 comments on commit f7470f4

Please sign in to comment.
You can’t perform that action at this time.