diff options
author | brantje <brantje@gmail.com> | 2017-01-06 21:38:47 +0300 |
---|---|---|
committer | brantje <brantje@gmail.com> | 2017-01-06 21:38:47 +0300 |
commit | f0e00c5704db9839db6bc0a50867656975ed2f88 (patch) | |
tree | 7594d565376aa4a10ebb7337873b16a77399dfac /controller | |
parent | 1eab778775eb6d27917a0a55826c1fdd0674b62d (diff) | |
parent | cf59eee98c358a96dd40718eac4bf60416dea482 (diff) |
Merge remote-tracking branch 'EdOverflow/hash_equals'
Diffstat (limited to 'controller')
-rw-r--r-- | controller/credentialcontroller.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php index 51645fb7..3c6dd6b5 100644 --- a/controller/credentialcontroller.php +++ b/controller/credentialcontroller.php @@ -142,7 +142,7 @@ class CredentialController extends ApiController { ); - if ($storedCredential->getUserId() !== $this->userId) { + if (!hash_equals($storedCredential->getUserId(), $this->userId)) { $acl = $this->sharingService->getCredentialAclForUser($this->userId, $storedCredential->getGuid()); if ($acl->hasPermission(SharingACL::WRITE)) { $credential['shared_key'] = $storedCredential->getSharedKey(); @@ -219,7 +219,7 @@ class CredentialController extends ApiController { '', array(), $link, $target_user, Activity::TYPE_ITEM_ACTION); } - if ($this->userId !== $storedCredential->getUserId()) { + if (!hash_equals($this->userId, $storedCredential->getUserId())) { $this->activityService->add( $activity, $params, '', array(), |