wpseek.com
Bazujące na WordPress narzędzie wyszukiwania dla deweloperów i twórców motywów.

hash_equals › WordPress Function

Od3.9.2

Przestarzałyn/a

› hash_equals ( $known_string, $user_string )

Parametry: (2)	(string) $known_string Expected string. Wymagane: Tak (string) $user_string Actual, user supplied, string. Wymagane: Tak
Powrót:	(bool) Whether strings are equal.
Zdefiniowane na:	wp-includes/compat.php , linia 318
Codex:	developer.wordpress.org / hash_equals

Timing attack safe string comparison.

Compares two strings using the same time whether they're equal or not. Note: It can leak the length of a string when arguments of differing length are supplied. This function was added in PHP 5.6. However, the Hash extension may be explicitly disabled on select servers. As of PHP 7.4.0, the Hash extension is a core PHP extension and can no longer be disabled. I.e. when PHP 7.4.0 becomes the minimum requirement, this polyfill can be safely removed.

Powiązane Funkcje: has_meta, has_blocks, has_tag, has_term, is_email

Źródło

function hash_equals( $known_string, $user_string ) {
		$known_string_length = strlen( $known_string );

		if ( strlen( $user_string ) !== $known_string_length ) {
			return false;
		}

		$result = 0;

		// Do not attempt to "optimize" this.
		for ( $i = 0; $i < $known_string_length; $i++ ) {
			$result |= ord( $known_string[ $i ] ) ^ ord( $user_string[ $i ] );
		}

		return 0 === $result;
	}
endif;

// sodium_crypto_box() was introduced in PHP 7.2.
if ( ! function_exists( 'sodium_crypto_box' ) ) {
	require ABSPATH . WPINC . '/sodium_compat/autoload.php';
}