Merge pull request #2109 from monkeyiq/2024/may/update-hash_equals

monkeyiq · web-flow · commit adbd8da69e8a · 2024-05-27T15:57:08.000+10:00
it seems this is hash_equals with the s at the end
diff --git a/src/SimpleSAML/Session.php b/src/SimpleSAML/Session.php
@@ -10,7 +10,7 @@
 use SimpleSAML\Error;
 use SimpleSAML\Utils;
 
-use function hash_equal;
+use function hash_equals;
 
 /**
  * The Session class holds information about a user session, and everything attached to it.
@@ -362,7 +362,7 @@ public static function getSession(string $sessionId = null): ?Session
                     Logger::warning('Missing AuthToken cookie.');
                     return null;
                 }
-                if (!hash_equal($session->authToken, $_COOKIE[$authTokenCookieName])) {
+                if (!hash_equals($session->authToken, $_COOKIE[$authTokenCookieName])) {
                     Logger::warning('Invalid AuthToken cookie.');
                     return null;
                 }
