mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-01 15:50:09 +00:00
Constant time for wp_verify_nonce().
git-svn-id: https://develop.svn.wordpress.org/trunk@29382 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -94,3 +94,32 @@ if ( !function_exists('json_decode') ) {
|
||||
return is_array($data) ? array_map(__FUNCTION__, $data) : $data;
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! function_exists( 'hash_equals' ) ) :
|
||||
/**
|
||||
* Compare two strings in constant time.
|
||||
*
|
||||
* This function was added in PHP 5.6.
|
||||
* It can leak the length of a string.
|
||||
*
|
||||
* @since 3.9.2
|
||||
*
|
||||
* @param string $a Expected string.
|
||||
* @param string $b Actual string.
|
||||
* @return bool Whether strings are equal.
|
||||
*/
|
||||
function hash_equals( $a, $b ) {
|
||||
$a_length = strlen( $a );
|
||||
if ( $a_length !== strlen( $b ) ) {
|
||||
return false;
|
||||
}
|
||||
$result = 0;
|
||||
|
||||
// Do not attempt to "optimize" this.
|
||||
for ( $i = 0; $i < $a_length; $i++ ) {
|
||||
$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
|
||||
}
|
||||
|
||||
return $result === 0;
|
||||
}
|
||||
endif;
|
||||
Reference in New Issue
Block a user