Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use timing safe string comparison in CSRF filter #6385

Merged
merged 1 commit into from Nov 11, 2014

Conversation

@barryvdh
Copy link
Contributor

barryvdh commented Nov 11, 2014

Use a timing safe comparison, as provided by the Symfony Security Component.

As proposed by by @lasselehtinen and @ircmaxell in ba0cf2a

See also laravel/laravel#3126

Use a timing safe comparison, as provided by the Symfony Security Component.
barryvdh referenced this pull request in laravel/laravel Nov 11, 2014
taylorotwell added a commit that referenced this pull request Nov 11, 2014
Use timing safe string comparison in CSRF filter
@taylorotwell taylorotwell merged commit c0bb705 into laravel:master Nov 11, 2014
2 checks passed
2 checks passed
ci/scrutinizer Scrutinizer: No new issues — Tests: passed
Details
continuous-integration/travis-ci The Travis CI build passed
Details
@barryvdh barryvdh deleted the barryvdh:patch-5 branch Nov 11, 2014
@GrahamCampbell

This comment has been minimized.

Copy link
Member

GrahamCampbell commented Nov 11, 2014

We need to depend on the security component in the http composer.json now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.