
Use mb_strlen instead of strlen.

This avoids potential bombs related to `mbstring.func_overload`.
The 8bit encoding does byte counting (which is what we want).

Refs #6139
Mark Story 11 years ago
parent
commit
b5761c5c99
1 changed files with 2 additions and 2 deletions
  1. 2 2
      src/Utility/Security.php

+ 2 - 2
src/Utility/Security.php

@@ -248,8 +248,8 @@ class Security
         if (function_exists('hash_equals')) {
             return hash_equals($hmac, $compare);
         }
-        $hashLength = strlen($hmac);
-        $compareLength = strlen($compare);
+        $hashLength = mb_strlen($hmac, '8bit');
+        $compareLength = mb_strlen($compare, '8bit');
         if ($hashLength !== $compareLength) {
             return false;
         }
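Review bot: The two `mb_strlen(..., '8bit')` calls on the fallback path have no comment explaining why a multibyte function is used for a byte count, so a later cleanup could revert them to `strlen()` and reintroduce the `mbstring.func_overload` problem. I would add above them `// Byte length, not character length: strlen() may be overloaded by mbstring.func_overload.` The fallback now also depends on ext-mbstring being loaded whenever `hash_equals` is unavailable. Whether the project already requires that extension is not visible in this hunk, so it is worth confirming. The comparison that follows the length check lies outside the hunk; it should read the strings byte by byte as well, so that it agrees with the byte lengths computed here.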