Permalink
Browse files

use core StringUtils to compare hashes

  • Loading branch information...
1 parent 79baf8d commit 9fc01d26fc25e97049bad55e52ced4fc0e4d9ab9 @steelywing steelywing committed Feb 22, 2014
Showing with 2 additions and 10 deletions.
  1. +2 −10 src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -17,6 +17,7 @@
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\Util\StringUtils;
/**
* Concrete implementation of the RememberMeServicesInterface providing
@@ -77,16 +78,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
*/
private function compareHashes($hash1, $hash2)
{
- if (strlen($hash1) !== $c = strlen($hash2)) {
- return false;
- }
-
- $result = 0;
- for ($i = 0; $i < $c; $i++) {
- $result |= ord($hash1[$i]) ^ ord($hash2[$i]);
- }
-
- return 0 === $result;
+ return StringUtils::equals($hash1, $hash2);
}
/**

0 comments on commit 9fc01d2

Please sign in to comment.