p3k
/
websub
mirror of https://github.com/aaronpk/p3k-websub.git
1
0
Fork 0
Code Issues 0 Releases 1 Wiki Activity
Browse Source

Use timing attack safe signature verification

pull/2/head
Micah Nordland 3 years ago
committed by GitHub
parent
3e37fbb3e8
commit
b4f19faca8
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      src/p3k/WebSub/Client.php

+ 1
- 1
src/p3k/WebSub/Client.php View File

@ -218,7 +218,7 @@ class Client {
$alg = $match[1];
$sig = $match[2];
$expected_signature = hash_hmac($alg, $body, $secret);
return $sig == $expected_signature;
return hash_equals($sig, $expected_signature);
} else {
return false;
}

Write Preview
Loading…
Cancel
Save