]> git.p6c8.net - jirafeau/jirafeau.git/blobdiff - f.php
git.p6c8.net / jirafeau / jirafeau.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Compare stored hashes for admin and download password using hash_equals()
[jirafeau/jirafeau.git] / f.php
diff --git a/f.php b/f.php
index f523f728a2e57f0dfc75498a40315283033d0d8e..a93ec981949aed82ac2173f64918432119bd44fb 100644 (file)
--- a/f.php
+++ b/f.php
@@ -171,7 +171,7 @@ if (!empty($link['key'])) {
         require(JIRAFEAU_ROOT.'lib/template/footer.php');
         exit;
     } else {
         require(JIRAFEAU_ROOT.'lib/template/footer.php');
         exit;
     } else {
-        if ($link['key'] == md5($_POST['key'])) {
+        if (hash_equals($link['key'], md5($_POST['key']))) {
             $password_challenged = true;
         } else {
             sleep(2);
             $password_challenged = true;
         } else {
             sleep(2);
Fork of Jirafeau by a group of developers after mojo42 discontinued it; main repository at https://gitlab.com/jirafeau/Jirafeau

patrick-canterino.de