From: Tim Düsterhus
Date: Thu, 3 Jan 2013 17:53:32 +0000 (+0100)
Subject: Use secure comparing for the access token
X-Git-Tag: 2.0.0_Beta_1~584^2~1^2~4
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ac70574e79ca5d863310ced07fc7584cd7447e55;p=GitHub%2FWoltLab%2FWCF.git

Use secure comparing for the access token
---

diff --git a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
index ff38e352f2..7b221f2a04 100644
--- a/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
+++ b/wcfsetup/install/files/lib/page/AbstractAuthedPage.class.php
@@ -4,6 +4,7 @@ use wcf\data\user\User;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\session\SessionHandler;
 use wcf\system\WCF;
+use wcf\util\PasswordUtil;
 use wcf\util\StringUtil;
 
 /**
@@ -36,7 +37,7 @@ abstract class AbstractAuthedPage extends AbstractPage {
 		list($userID, $token) = explode('-', StringUtil::trim($_REQUEST['at']));
 		
 		if (WCF::getUser()->userID) {
-			if ($userID == WCF::getUser()->userID && WCF::getUser()->accessToken == $token) {
+			if ($userID == WCF::getUser()->userID && PasswordUtil::secureCompare(WCF::getUser()->accessToken, $token)) {
 				// everything is fine, but we are already logged in
 				return;
 			}
@@ -47,7 +48,7 @@ abstract class AbstractAuthedPage extends AbstractPage {
 		}
 		else {
 			$user = new User($userID);
-			if ($user->accessToken == $token) {
+			if (PasswordUtil::secureCompare($user->accessToken, $token)) {
 				// token is valid -> change user
 				SessionHandler::getInstance()->changeUser($user, true);
 			}
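Review bot: The new `secureCompare` call in the second hunk still receives a `$token` that `list()` may have left unset, because the `explode('-', ...)` on `$_REQUEST['at']` three lines above returns a single element whenever the parameter contains no `-`; `$token` is then null (with a notice) and the outcome depends on how `PasswordUtil::secureCompare` treats a null argument, which this diff does not show. I would validate the shape before either comparison: `$parts = explode('-', StringUtil::trim($_REQUEST['at']), 2); if (count($parts) !== 2 || $parts[1] === '') throw new IllegalLinkException(); list($userID, $token) = $parts;`. The unchanged `$userID == WCF::getUser()->userID` on the same line is also a loose comparison of a request string against an integer, so a value like `5abc` passed the user check on the PHP versions of that era; `(int)$userID === (int)WCF::getUser()->userID` avoids the numeric-prefix coercion. The enclosing method begins and ends outside this hunk.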
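Review bot: In the third hunk the new `PasswordUtil::secureCompare($user->accessToken, $token)` is reached for any `$userID`, including one that matches no row, because `new User($userID)` on the preceding line is never checked for existence; whether a missing or empty `accessToken` then compares equal to an empty `$token` (a request of the form `at=5-`) depends on `secureCompare`'s handling of empty strings, which the diff does not show. A guard before the compare closes that path regardless of the helper's semantics, assuming the User object exposes a falsy `userID` for a missing row: `if ($user->userID && $user->accessToken !== '' && PasswordUtil::secureCompare($user->accessToken, $token)) {`. As a general caveat, the token arrives via `$_REQUEST['at']`, so it may be carried in the query string and end up in access logs and Referer headers. The enclosing method and the `if`/`else` this branch belongs to begin outside this hunk.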