Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use timing safe string comparison in CSRF filter #6385

Merged
merged 1 commit into from
Nov 11, 2014
Merged

Use timing safe string comparison in CSRF filter #6385

merged 1 commit into from
Nov 11, 2014

Conversation

barryvdh
Copy link
Contributor

Use a timing safe comparison, as provided by the Symfony Security Component.

As proposed by by @lasselehtinen and @ircmaxell in ba0cf2a

See also laravel/laravel#3126

Use a timing safe comparison, as provided by the Symfony Security Component.
barryvdh referenced this pull request in laravel/laravel Nov 11, 2014
taylorotwell added a commit that referenced this pull request Nov 11, 2014
Use timing safe string comparison in CSRF filter
@taylorotwell taylorotwell merged commit c0bb705 into laravel:master Nov 11, 2014
@barryvdh barryvdh deleted the patch-5 branch November 11, 2014 15:18
@GrahamCampbell
Copy link
Member

We need to depend on the security component in the http composer.json now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants