From: Christophe Coevoet <stof@notk.org>
Date: Fri, 24 May 2019 12:09:27 +0200
Subject: [HttpKernel] Use constant time comparison in UriSigner

Origin: backports, https://github.com/symfony/symfony/commit/9a50fc572202f0da41b095900eec79fa3694777c
---
 src/Symfony/Component/HttpKernel/UriSigner.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Component/HttpKernel/UriSigner.php b/src/Symfony/Component/HttpKernel/UriSigner.php
index c2d0d79..78d9433 100644
--- a/src/Symfony/Component/HttpKernel/UriSigner.php
+++ b/src/Symfony/Component/HttpKernel/UriSigner.php
@@ -81,7 +81,7 @@ class UriSigner
         $hash = urlencode($params['_hash']);
         unset($params['_hash']);
 
-        return $this->computeHash($this->buildUrl($url, $params)) === $hash;
+        return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
     }
 
     private function computeHash($uri)