Prevent timing attacks on helpdesk form tokens
AdrienClairembault authored and trasher committed Jan 24, 2025
1 parent 576fcd0 commit 5a624f9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/Glpi/Form/AccessControl/ControlType/DirectAccess.php
Expand Up @@ -168,7 +168,7 @@ private function validateToken(
return false;
}

return $config->getToken() === $token;
return hash_equals($config->getToken(), $token);
}

public function allowUnauthenticated(JsonFieldInterface $config): bool
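Review bot: the new return line in validateToken() does not handle non-string arguments the way the old `===` did, and only a bare `return false;` guard is visible above it. `hash_equals()` requires two strings: under strict_types a null or other non-string value raises a TypeError, and without strict_types a null is coerced to an empty string, so an unset token compared with an empty supplied token would match where `===` returned false. Please confirm that the guard above rejects a null or empty `$config->getToken()` and that `$token` is declared as `string`, or add an explicit check before the comparison. The argument order (stored token first, supplied token second) is correct. A unit test for the missing-token and empty-token cases would be a useful addition to this change.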