`PasswordUtil::secureCompare()` was unintentionally removed

See c914372abbe9f62b765f4b0e0b934f6d45150201

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index f8721726245ff9469d3cadda470a2449b9690274..1ac373c7826e29411e222d40c990077c831e41ea 100644 (file)
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -227,6 +227,19 @@ final class PasswordUtil {
                return $password;
        }
        
+       /**
+        * Compares two strings in a constant time manner.
+        * This function effectively is a polyfill for the PHP 5.6 `hash_equals`.
+        *
+        * @param       string          $hash1
+        * @param       string          $hash2
+        * @return      boolean
+        * @deprecated  Use \wcf\util\CryptoUtil::secureCompare()
+        */
+       public static function secureCompare($hash1, $hash2) {
+               return \hash_equals($hash1, $hash2);
+       }
+       
        /**
         * @deprecated  Use random_int()
         */