From: Alexander Ebert <ebert@woltlab.com>
Date: Sun, 29 Dec 2019 21:56:33 +0000 (+0100)
Subject: `PasswordUtil::secureCompare()` was unintentionally removed
X-Git-Tag: 5.2.1~34
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a5918ac7fbf49e1159619e0d9cd53676b792f6dc;p=GitHub%2FWoltLab%2FWCF.git

`PasswordUtil::secureCompare()` was unintentionally removed

See c914372abbe9f62b765f4b0e0b934f6d45150201
---

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index f872172624..1ac373c782 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -227,6 +227,19 @@ final class PasswordUtil {
 		return $password;
 	}
 	
+	/**
+	 * Compares two strings in a constant time manner.
+	 * This function effectively is a polyfill for the PHP 5.6 `hash_equals`.
+	 *
+	 * @param	string		$hash1
+	 * @param	string		$hash2
+	 * @return	boolean
+	 * @deprecated	Use \wcf\util\CryptoUtil::secureCompare()
+	 */
+	public static function secureCompare($hash1, $hash2) {
+		return \hash_equals($hash1, $hash2);
+	}
+	
 	/**
 	 * @deprecated	Use random_int()
 	 */