Fo0bar has submitted this change and it was merged.

Change subject: Use === for comparisons
......................................................................


Use === for comparisons

"$testhash == $computedhash" may allow for increased collision probability,
due to PHP's loose type handling, so use ===.

Thanks to Alyssa Milburn for discovering this.

Change-Id: I612e7df65c925df31c9c71136791fa1e93a99783
---
M SecureHTML.php
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Fo0bar: Verified; Looks good to me, approved
  jenkins-bot: Checked



diff --git a/SecureHTML.php b/SecureHTML.php
index 90f1fd1..1f39c21 100644
--- a/SecureHTML.php
+++ b/SecureHTML.php
@@ -82,7 +82,7 @@
        }
 
        # If the array is empty, there is no possible way this will work.
-       if ( count( $wgSecureHTMLSecrets ) == 0 ) {
+       if ( count( $wgSecureHTMLSecrets ) === 0 ) {
                return( Html::rawElement( 'div', array( 'class' => 'error' ), 
wfMessage( 'securehtml-nokeys' ) ) );
        }
 
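Review bot: On the `count( $wgSecureHTMLSecrets )` line, the commit message's rationale (loose type handling affecting hash comparison) does not apply: count() always returns an integer, so `== 0` and `=== 0` behave identically here. Keeping it for consistency is fine, but the commit message should say this line is a style change, so it is not read as part of the security fix.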
@@ -117,7 +117,7 @@
        $testhash = hash_hmac( $keyalgorithm, $input, $keysecret );
 
        # If the test hash matches the supplied hash, return the raw HTML.  
Otherwise, error.
-       if ( $testhash == $argv['hash'] ) {
+       if ( $testhash === $argv['hash'] ) {
                return( array( $input, 'markerType' => 'nowiki' ) );
        } else {
                return( Html::rawElement( 'div', array( 'class' => 'error' ), 
wfMessage( 'securehtml-invalidhash' ) ) );
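Review bot: On the `$testhash === $argv['hash']` line, strict comparison removes the type-juggling problem but is still not a constant-time comparison, so the time taken can vary with how much of the supplied hash matches. Because this is an HMAC verification, consider `hash_equals( $testhash, $argv['hash'] )` (available from PHP 5.6). Guard it with an isset and `is_string( $argv['hash'] )` check first, since hash_equals expects two strings and nothing in this hunk shows `$argv['hash']` being validated before the comparison.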

-- 
To view, visit https://gerrit.wikimedia.org/r/300760
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I612e7df65c925df31c9c71136791fa1e93a99783
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/SecureHTML
Gerrit-Branch: master
Gerrit-Owner: Fo0bar <r...@finnie.org>
Gerrit-Reviewer: Fo0bar <r...@finnie.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
