Skip to content

Use timing safe string comparison in CSRF filter#6385

Merged
taylorotwell merged 1 commit intolaravel:masterfrom
barryvdh:patch-5
Nov 11, 2014
Merged

Use timing safe string comparison in CSRF filter#6385
taylorotwell merged 1 commit intolaravel:masterfrom
barryvdh:patch-5

Conversation

@barryvdh
Copy link
Contributor

@barryvdh barryvdh commented Nov 11, 2014

Use a timing safe comparison, as provided by the Symfony Security Component.

As proposed by by @lasselehtinen and @ircmaxell in ba0cf2a

See also laravel/laravel#3126

@barryvdh
Use timing safe string comparison in CSRF filter
5095fcc 
Use a timing safe comparison, as provided by the Symfony Security Component.
barryvdh referenced this pull request in laravel/laravel Nov 11, 2014
@taylorotwell
Check type of token as well.
ba0cf2a
taylorotwell added a commit that referenced this pull request Nov 11, 2014
@taylorotwell
Merge pull request #6385 from barryvdh/patch-5
c0bb705 
Use timing safe string comparison in CSRF filter
@taylorotwell taylorotwell merged commit c0bb705 into laravel:master Nov 11, 2014
@barryvdh barryvdh deleted the patch-5 branch November 11, 2014 15:18
@GrahamCampbell
Copy link
Collaborator

GrahamCampbell commented Nov 11, 2014

We need to depend on the security component in the http composer.json now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@barryvdh @GrahamCampbell @taylorotwell