From: Christophe Coevoet <stof@notk.org>
Date: Fri, 24 May 2019 12:09:27 +0200
Subject: [HttpKernel] Use constant time comparison in UriSigner
Origin: backports, https://github.com/symfony/symfony/commit/9a50fc572202f0da41b095900eec79fa3694777c
---
src/Symfony/Component/HttpKernel/UriSigner.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Symfony/Component/HttpKernel/UriSigner.php b/src/Symfony/Component/HttpKernel/UriSigner.php
index c2d0d79..78d9433 100644
--- a/src/Symfony/Component/HttpKernel/UriSigner.php
+++ b/src/Symfony/Component/HttpKernel/UriSigner.php
@@ -81,7 +81,7 @@ class UriSigner
$hash = urlencode($params['_hash']);
unset($params['_hash']);
- return $this->computeHash($this->buildUrl($url, $params)) === $hash;
+ return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
}
private function computeHash($uri)
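Review bot: Nothing on the new `return hash_equals(...)` line records why the comparison is no longer `===`, so a later cleanup could quietly restore the timing-dependent operator. A one-line comment above it would prevent that, e.g. `// constant-time compare: computed (known) hash first, hash taken from the URL second`. The argument order is already correct for `hash_equals()`, which takes the known string first. Because `hash_equals()` accepts only strings, it is also worth confirming that a non-string `_hash` (for example an array-valued query parameter) is rejected before this line rather than surfacing as a warning or TypeError; the code that fills `$params` is outside the hunk, so this may already be handled. The enclosing method starts above the hunk.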