Fo0bar has submitted this change and it was merged.

Change subject: Use === for comparisons
Use === for comparisons "$testhash == $computedhash" may allow for increased collision probability, due to PHP's loose type handling, so use ===. Thanks to Alyssa Milburn for discovering this. Change-Id: I612e7df65c925df31c9c71136791fa1e93a99783 --- M SecureHTML.php 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: Fo0bar: Verified; Looks good to me, approved jenkins-bot: Checked diff --git a/SecureHTML.php b/SecureHTML.php index 90f1fd1..1f39c21 100644 --- a/SecureHTML.php +++ b/SecureHTML.php @@ -82,7 +82,7 @@ } # If the array is empty, there is no possible way this will work. - if ( count( $wgSecureHTMLSecrets ) == 0 ) { + if ( count( $wgSecureHTMLSecrets ) === 0 ) { return( Html::rawElement( 'div', array( 'class' => 'error' ), wfMessage( 'securehtml-nokeys' ) ) ); } @@ -117,7 +117,7 @@ $testhash = hash_hmac( $keyalgorithm, $input, $keysecret ); # If the test hash matches the supplied hash, return the raw HTML. Otherwise, error. - if ( $testhash == $argv['hash'] ) { + if ( $testhash === $argv['hash'] ) { return( array( $input, 'markerType' => 'nowiki' ) ); } else { return( Html::rawElement( 'div', array( 'class' => 'error' ), wfMessage( 'securehtml-invalidhash' ) ) ); -- To view, visit https://gerrit.wikimedia.org/r/300760 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I612e7df65c925df31c9c71136791fa1e93a99783 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/SecureHTML Gerrit-Branch: master Gerrit-Owner: Fo0bar <r...@finnie.org> Gerrit-Reviewer: Fo0bar <r...@finnie.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
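Review bot: In the second hunk (@@ -117,7 +117,7 @@), the comparison $testhash === $argv['hash'] removes the type juggling, but it is still an ordinary string comparison of an HMAC against a caller-supplied value, and that is not guaranteed to run in constant time. Suggest hash_equals( $testhash, $argv['hash'] ) instead (available since PHP 5.6), which is both type-strict and timing-safe. hash_equals() expects string arguments, so it is worth confirming in the code above this hunk that $argv['hash'] is set and is a string before it reaches this line; the visible context does not show such a check.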