hash_equals() in /reset/mail/

Thanks to @divinity76
myvesta 2022-07-12 18:10:31 +02:00 committed by GitHub
commit e65af22a54
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -149,7 +149,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
$n_hash = '{MD5}'.$n_hash;
// Change password
if ( $v_hash == $n_hash ) {
if ( hash_equals($v_hash, $n_hash ) ) {
$v_new_password = tempnam("/tmp","vst");
$fp = fopen($v_new_password, "w");
fwrite($fp, $_POST['new']."\n");
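Review bot: `hash_equals()` on the changed line requires both arguments to be strings. `$v_hash` is assigned outside this hunk, so it is an assumption that it can be null or false when the account lookup fails; if it can, PHP 8 raises a TypeError here, while older versions emit a warning and return false. Guarding the call as `if ( is_string($v_hash) && hash_equals($v_hash, $n_hash) ) {` keeps that path an explicit rejection rather than an uncaught error. A short comment above it, such as `// constant-time comparison of the stored and computed hash; do not revert to ==`, would record why the call is used. The enclosing `if` block starts and ends outside the hunk.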