From a5918ac7fbf49e1159619e0d9cd53676b792f6dc Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Sun, 29 Dec 2019 22:56:33 +0100
Subject: [PATCH] `PasswordUtil::secureCompare()` was unintentionally removed See c914372abbe9f62b765f4b0e0b934f6d45150201
---
 .../install/files/lib/util/PasswordUtil.class.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index f872172624..1ac373c782 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -227,6 +227,19 @@ final class PasswordUtil {
 return $password;
 }
+ /**
+ * Compares two strings in a constant time manner.
+ * This function effectively is a polyfill for the PHP 5.6 `hash_equals`.
+ *
+ * @param string $hash1
+ * @param string $hash2
+ * @return boolean
+ * @deprecated Use \wcf\util\CryptoUtil::secureCompare()
+ */
+ public static function secureCompare($hash1, $hash2) {
+ return \hash_equals($hash1, $hash2);
+ }
+
 /**
 * @deprecated Use random_int()
 */
-- 
2.20.1
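Review bot: The docblock on the restored `secureCompare()` does not say which argument is the trusted value, and both parameters reach `\hash_equals()` unchecked. PHP documents the signature as `hash_equals($known_string, $user_string)` and asks for the user-supplied value second, so I would write `@param string $hash1 known (stored) value` and `@param string $hash2 user-supplied value`, and replace the stale "polyfill" sentence with `Thin wrapper around \hash_equals().`. A non-string argument (a null stored hash, say) makes `hash_equals()` warn and return false on PHP 7 and throw a `TypeError` on PHP 8; whether any caller can pass one is not visible in this hunk, but casting to string inside the wrapper would be the wrong fix, because two empty strings compare equal.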