Merge pull request #290 from sarciszewski/patch-1

Remove side-effects in hash_equals()
thephpleague · Jan 1, 2015 · 19b64c2 · 19b64c2
2 parents 740ea24 + 6127754
commit 19b64c2
Showing 1 changed file with 12 additions and 16 deletions.
diff --git a/src/TokenType/MAC.php b/src/TokenType/MAC.php
@@ -128,22 +128,18 @@ public function determineAccessTokenInHeader(Request $request)
      */
     private function hash_equals($knownString, $userString)
     {
-        if (!function_exists('hash_equals')) {
-            function hash_equals($knownString, $userString)
-            {
-                if (strlen($knownString) !== strlen($userString)) {
-                    return false;
-                }
-                $len = strlen($knownString);
-                $result = 0;
-                for ($i = 0; $i < $len; $i++) {
-                    $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
-                }
-                // They are only identical strings if $result is exactly 0...
-                return 0 === $result;
-            }
+        if (function_exists('\hash_equals')) {
+            return \hash_equals($knownString, $userString);
         }
-
-        return hash_equals($knownString, $userString);
+        if (strlen($knownString) !== strlen($userString)) {
+            return false;
+        }
+        $len = strlen($knownString);
+        $result = 0;
+        for ($i = 0; $i < $len; $i++) {
+            $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
+        }
+        // They are only identical strings if $result is exactly 0...
+        return 0 === $result;
     }
 }