sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Docs: clarify inline docs for hash_equals 

Before the docs implied the complexity of the function was O(1) by using the term "constant time", now we use the more descriptive term "Timing attack safe".

Props AramZS.
Fixes #32778.


git-svn-id: https://develop.svn.wordpress.org/trunk@35805 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Nikolay Bachiyski 2015-12-06 22:03:41 +00:00
parent 872bfdeed0
commit 662ed9feea
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/wp-includes/compat.php
View File

@ -228,15 +228,18 @@ if ( !function_exists('json_decode') ) {
if ( ! function_exists( 'hash_equals' ) ) : if ( ! function_exists( 'hash_equals' ) ) :
/** /**
* Compare two strings in constant time. * Timing attack safe string comparison
*
* Compares two strings using the same time whether they're equal or not.
* *
* This function was added in PHP 5.6. * This function was added in PHP 5.6.
* It can leak the length of a string. *
* Note: It can leak the length of a string when arguments of differing length are supplied.
* *
* @since 3.9.2 * @since 3.9.2
* *
* @param string $a Expected string. * @param string $a Expected string.
* @param string $b Actual string. * @param string $b Actual, user supplied, string.
* @return bool Whether strings are equal. * @return bool Whether strings are equal.
*/ */
function hash_equals( $a, $b ) { function hash_equals( $a, $b ) {