From e65af22a54337f96e2abe2b612efc2b1533c3775 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Tue, 12 Jul 2022 18:10:31 +0200
Subject: [PATCH] hash_equals() in /reset/mail/ Thanks to @divinity76
---
 web/reset/mail/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php
index 5419d8ea5..c0524ebbf 100644
--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -149,7 +149,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
 $n_hash = '{MD5}'.$n_hash;
 // Change password
- if ( $v_hash == $n_hash ) {
+ if ( hash_equals($v_hash, $n_hash ) ) {
 $v_new_password = tempnam("/tmp","vst");
 $fp = fopen($v_new_password, "w");
 fwrite($fp, $_POST['new']."\n");
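Review bot: `hash_equals()` is stricter about its arguments than the `==` it replaces: both must be strings, and on PHP 8 a non-string argument throws a `TypeError`, while PHP 7 warns and returns false. `$n_hash` is always a string after the `'{MD5}'.$n_hash` concatenation, but `$v_hash` is assigned outside this hunk. If it can be null or false when the stored hash cannot be read, guard the call with `if ( is_string($v_hash) && hash_equals($v_hash, $n_hash) ) {` so a failed lookup is a clean mismatch rather than an uncaught error. A one-line comment such as `// constant-time comparison of stored vs. submitted password hash` above the condition would record why the operator was changed. The enclosing `if` block starts and ends outside the hunk.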