We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent dbb2673 commit ec0e88eCopy full SHA for ec0e88e
libraries/common.inc.php
@@ -474,7 +474,7 @@
474
$token_provided = false;
475
if (PMA_isValid($_REQUEST['token'])) {
476
$token_provided = true;
477
- $token_mismatch = ($_SESSION[' PMA_token '] != $_REQUEST['token']);
+ $token_mismatch = ! hash_equals($_SESSION[' PMA_token '], $_REQUEST['token']);
478
}
479
480
if ($token_mismatch) {
libraries/core.lib.php
@@ -998,3 +998,12 @@ function PMA_setGlobalDbOrTable($param)
998
$GLOBALS['url_params'][$param] = $GLOBALS[$param];
999
1000
1001
+
1002
+/* Compatibility with PHP < 5.6 */
1003
+if(! function_exists('hash_equals')) {
1004
+ function hash_equals($a, $b) {
1005
+ $ret = strlen($a) ^ strlen($b);
1006
+ $ret |= array_sum(unpack("C*", $a ^ $b));
1007
+ return ! $ret;
1008
+ }
1009
+}
0 commit comments