Joomla! Issue Tracker | Joomla! CMS #7754 - Use hash_equals for constant-time string comparison

Closed
17 Oct 2015
Medium
Build: staging
# 7754
Diff
zero-24:hash_equals

Success

Success The Travis CI build passed Details

User tests: Successful: Unsuccessful:

zero-24
23 Aug 2015

This PR fixes the Codestyle Issues and replaces: #4206 add kudos goes to @dunglas

@committer please mention @dunglas on commit. Thanks

Use the hash_equals function (introduced in PHP 5.6) for timing attack safe string comparison when available.
Add in the DocBlock that length will leak (see php/php-src#792).

da354f4 23 Aug 2015

use hash equals if the class exitsts

zero-24 - open - 23 Aug 2015

zero-24 - change - 23 Aug 2015

Status

New

⇒

Pending

joomla-cms-bot - change - 23 Aug 2015

Labels

Added: ?

1f6a5c5 23 Aug 2015

use hash equals if the class exists

zero-24 - change - 23 Aug 2015

Category

⇒

Libraries

zero-24 - comment - 17 Oct 2015

Closing because there is no interest. :(

zero-24 - change - 17 Oct 2015

Status	Pending	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2015-10-17 22:27:50
Closed_By		⇒	zero-24

zero-24 - close - 17 Oct 2015

zero-24 - head_ref_deleted - 17 Oct 2015

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#7754] - Use hash_equals for constant-time string comparison

Add a Comment