Diffstat (limited to 'lib/private/security/stringutils.php')
-rw-r--r--lib/private/security/stringutils.php38
1 files changed, 38 insertions, 0 deletions
diff --git a/lib/private/security/stringutils.php b/lib/private/security/stringutils.php
new file mode 100644
index 00000000000..32dff50fa8b
--- /dev/null
+++ b/lib/private/security/stringutils.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Security;
+
+class StringUtils {
+
+ /**
+ * Compares whether two strings are equal. To prevent guessing of the string
+ * length this is done by comparing two hashes against each other and afterwards
+ * a comparison of the real string to prevent against the unlikely chance of
+ * collisions.
+ * @param string $expected The expected value
+ * @param string $input The input to compare against
+ * @return bool True if the two strings are equal, otherwise false.
+ */
+ public static function equals($expected, $input) {
+
+ if(function_exists('hash_equals')) {
+ return hash_equals($expected, $input);
+ }
+
+ $randomString = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10);
+
+ if(hash('sha512', $expected.$randomString) === hash('sha512', $input.$randomString)) {
+ if($expected === $input) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}
\ No newline at end of file
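Review bot: The two branches of `equals()` disagree when an argument is not a string: `hash_equals()` emits a warning and returns false for non-string arguments, while the fallback concatenates the values and then compares them with `===`, so two equal integers compare true only on PHP versions without `hash_equals()`. A guard at the top of the method, `if (!is_string($expected) || !is_string($input)) { return false; }`, would make both paths behave the same for values such as a missing request parameter. The docblock's statement about preventing length guessing also describes only the fallback, since `hash_equals()` returns early when the lengths differ; I would add `Note: when hash_equals() is available, the length of $expected may still be observable through timing.` to it.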