Context Navigation

← Previous Change
Next Change →

compat.php

Timestamp:

12/06/2015 10:03:41 PM (9 years ago)

Author:

nbachiyski

Message:

Docs: clarify inline docs for hash_equals

Before the docs implied the complexity of the function was O(1) by using the term "constant time", now we use the more descriptive term "Timing attack safe".

Props AramZS.
Fixes #32778.

File:

: 1 edited

trunk/src/wp-includes/compat.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-includes/compat.php

-                      r34981
+                      r35805
 if ( ! function_exists( 'hash_equals' ) ) :
 /**
+ * Compare two strings in constant time.
+ * Timing attack safe string comparison
+ *
+ * Compares two strings using the same time whether they're equal or not.
+ *
  * This function was added in PHP 5.6.
+ * It can leak the length of a string.
+ *
+ * Note: It can leak the length of a string when arguments of differing length are supplied.
+ *
  * @since 3.9.2
+ *
  * @param string $a Expected string.
  * @param string $b Actual string.
+ * @param string $b Actual, user supplied, string.
  * @return bool Whether strings are equal.
  */

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 35805 for trunk/src/wp-includes/compat.php

Legend:

trunk/src/wp-includes/compat.php

Download in other formats: