Improve \hash_equals call
authorJoshua Rüsweg <ruesweg@woltlab.com>
Sun, 14 Jun 2020 15:02:00 +0000 (17:02 +0200)
committerGitHub <noreply@github.com>
Sun, 14 Jun 2020 15:02:00 +0000 (17:02 +0200)
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
wcfsetup/install/files/lib/form/RegisterActivationForm.class.php

index e01d196f3b5c37d9245deb51c58c6a3f4a720044..5a12caa2ae5069c71868732799871246c3e41957 100644 (file)
@@ -83,7 +83,7 @@ class RegisterActivationForm extends AbstractForm {
                }
                
                // check given activation code
-               if (!\hash_equals($this->activationCode, $this->user->emailConfirmed)) {
+               if (!\hash_equals($this->user->emailConfirmed, $this->activationCode)) {
                        throw new UserInputException('activationCode', 'invalid');
                }