commit fdffc35f4eb4449a5e428a886e3fd718c2e741ce parent 91db7b2f8964fe6404a8762d1ecbd3c061cf04b7 Author: markseu <mark2011@mayberg.se> Date: Thu, 10 May 2018 17:38:05 +0200 Updated core, toolbox refactoring Diffstat:
| M | system/plugins/core.php | | | 10 | ++++++++-- |
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/system/plugins/core.php b/system/plugins/core.php @@ -3357,8 +3357,14 @@ class YellowToolbox } break; } - $ok = !empty($hashCalculated) && strlenb($hashCalculated)==strlenb($hash); - if($ok) for($i=0; $i<strlenb($hashCalculated); ++$i) $ok &= $hashCalculated[$i]==$hash[$i]; + return $this->verifyToken($hashCalculated, $hash); + } + + // Verify that text is identical, timing attack safe text string comparison + function verifyToken($text1, $text2) + { + $ok = !empty($text1) && strlenb($text1)==strlenb($text2); + if($ok) for($i=0; $i<strlenb($text1); ++$i) $ok &= $text1[$i]==$text2[$i]; return $ok; }