From: Tim Düsterhus
Date: Wed, 14 Oct 2020 09:24:23 +0000 (+0200)
Subject: Use \hash_equals in CryptoUtil::validateSignedString()
X-Git-Tag: 5.3.0_RC_2~4
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fb00e070981f6a2a63781bd94cccd0d108ec671f;p=GitHub%2FWoltLab%2FWCF.git
Use \hash_equals in CryptoUtil::validateSignedString()
---
diff --git a/wcfsetup/install/files/lib/util/CryptoUtil.class.php b/wcfsetup/install/files/lib/util/CryptoUtil.class.php
index 0856d7510d..9009f91d2b 100644
--- a/wcfsetup/install/files/lib/util/CryptoUtil.class.php
+++ b/wcfsetup/install/files/lib/util/CryptoUtil.class.php
@@ -50,7 +50,7 @@ final class CryptoUtil {
 list($signature, $value) = $parts;
 $value = base64_decode($value);
- return self::secureCompare($signature, self::getSignature($value));
+ return \hash_equals($signature, self::getSignature($value));
 }
 /**
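Review bot: The arguments to `\hash_equals()` on the added return line are in the reverse of the documented order: `$signature` is taken from the caller-supplied string, yet it is passed as the known string, while the locally computed signature is passed as the user string. PHP documents the first parameter as the known (secret-derived) value and the second as the user-supplied one, so the call should read `return \hash_equals(self::getSignature($value), $signature);`. Both signatures are presumably fixed-length, so the practical effect is likely small, but following the documented contract keeps the constant-time guarantee independent of how the comparison is implemented. The body of validateSignedString() starts above the hunk, so how `$parts` is validated before the `list()` destructuring is not visible here.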