diff options
| author | EdOverflow <diopterasec@gmail.com> | 2017-01-04 18:59:14 +0300 |
|---|---|---|
| committer | EdOverflow <diopterasec@gmail.com> | 2017-01-04 18:59:14 +0300 |
| commit | cf59eee98c358a96dd40718eac4bf60416dea482 (patch) | |
| tree | ef2f749c7e3c60920c3dc45128d8e9ec2bf11e50 /controller | |
| parent | f18e4f60e9d8a652d8506f1e23dea54cf2e28d93 (diff) | |
Add hash_equals
Diffstat (limited to 'controller')
| -rw-r--r-- | controller/credentialcontroller.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php index 51645fb7..3c6dd6b5 100644 --- a/controller/credentialcontroller.php +++ b/controller/credentialcontroller.php @@ -142,7 +142,7 @@ class CredentialController extends ApiController { ); - if ($storedCredential->getUserId() !== $this->userId) { + if (!hash_equals($storedCredential->getUserId(), $this->userId)) { $acl = $this->sharingService->getCredentialAclForUser($this->userId, $storedCredential->getGuid()); if ($acl->hasPermission(SharingACL::WRITE)) { $credential['shared_key'] = $storedCredential->getSharedKey(); @@ -219,7 +219,7 @@ class CredentialController extends ApiController { '', array(), $link, $target_user, Activity::TYPE_ITEM_ACTION); } - if ($this->userId !== $storedCredential->getUserId()) { + if (!hash_equals($this->userId, $storedCredential->getUserId())) { $this->activityService->add( $activity, $params, '', array(), |