Use \hash_equals in CryptoUtil::validateSignedString()

diff --git a/wcfsetup/install/files/lib/util/CryptoUtil.class.php b/wcfsetup/install/files/lib/util/CryptoUtil.class.php
index 0856d7510d6e8d2e59f2c079c886bdab8fce5cea..9009f91d2b47461d648fbe2d0f503075e2291542 100644 (file)
--- a/wcfsetup/install/files/lib/util/CryptoUtil.class.php
+++ b/wcfsetup/install/files/lib/util/CryptoUtil.class.php
@@ -50,7 +50,7 @@ final class CryptoUtil {
                list($signature, $value) = $parts;
                $value = base64_decode($value);
                
-               return self::secureCompare($signature, self::getSignature($value));
+               return \hash_equals($signature, self::getSignature($value));
        }
 
        /**