diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-12-11 11:40:51 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-12-11 11:40:51 +0100 |
| commit | 6317ba8cb4fef328bf828eab5197cc58f7057221 (patch) | |
| tree | c54316e17a23a2a29f5a61391fb433c1436a8cf8 /lib/private/security/stringutils.php | |
| parent | 86bd95ea1b19a42b2a41f8851f7451d38c92957b (diff) | |
| parent | 2f3b10f980db9a54fc0022c69387ae5d7d9c0914 (diff) | |
| download | nextcloud-server-6317ba8cb4fef328bf828eab5197cc58f7057221.tar.gz nextcloud-server-6317ba8cb4fef328bf828eab5197cc58f7057221.zip | |
Merge pull request #21135 from owncloud/add-polyfill
Add polyfills for PHP55, PHP56 and PHP70 functionalities
Diffstat (limited to 'lib/private/security/stringutils.php')
| -rw-r--r-- | lib/private/security/stringutils.php | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/lib/private/security/stringutils.php b/lib/private/security/stringutils.php deleted file mode 100644 index fa4342a2b45..00000000000 --- a/lib/private/security/stringutils.php +++ /dev/null @@ -1,60 +0,0 @@ -<?php -/** - * @author Lukas Reschke <lukas@owncloud.com> - * @author Morris Jobke <hey@morrisjobke.de> - * - * @copyright Copyright (c) 2015, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ - -namespace OC\Security; - -class StringUtils { - - /** - * Compares whether two strings are equal. To prevent guessing of the string - * length this is done by comparing two hashes against each other and afterwards - * a comparison of the real string to prevent against the unlikely chance of - * collisions. - * - * Be aware that this function may leak whether the string to compare have a different - * length. - * - * @param string $expected The expected value - * @param string $input The input to compare against - * @return bool True if the two strings are equal, otherwise false. - */ - public static function equals($expected, $input) { - - if(!is_string($expected) || !is_string($input)) { - return false; - } - - if(function_exists('hash_equals')) { - return hash_equals($expected, $input); - } - - $randomString = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate(10); - - if(hash('sha512', $expected.$randomString) === hash('sha512', $input.$randomString)) { - if($expected === $input) { - return true; - } - } - - return false; - } -}
\ No newline at end of file |