Use hash_equals when checking access_token.

Akeda Bagus 2019-07-15 22:03:31 +07:00
parent 0ffd4db630
commit 47db7588d7
No known key found for this signature in database
GPG Key ID: B21A9FC4B7761412
1 changed files with 1 additions and 1 deletions


@ -71,7 +71,7 @@ class WC_WCCOM_Site {
require_once WC_ABSPATH . 'includes/admin/helper/class-wc-helper-options.php';
$access_token = trim( substr( $request_auth, 7 ) );
$site_auth = WC_Helper_Options::get( 'auth' );
if ( empty( $site_auth['access_token'] ) || $access_token !== $site_auth['access_token'] ) {
if ( empty( $site_auth['access_token'] ) || ! hash_equals( $access_token, $site_auth['access_token'] ) ) {
return false;
}
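Review bot: The arguments to `hash_equals()` on the changed `if` line are in the reverse of the documented order: the first parameter is the known string and the second is the user-supplied one, but `$access_token` (derived from `$request_auth`, presumably the request's Authorization header) is passed first and the stored `$site_auth['access_token']` second. Swapping them matches the PHP manual's guidance: `! hash_equals( $site_auth['access_token'], $access_token )`. `hash_equals()` also requires both arguments to be strings, and `empty()` does not rule out a non-string stored value, so adding `! is_string( $site_auth['access_token'] ) ||` to the condition would be worthwhile if `WC_Helper_Options::get( 'auth' )` can return anything else. The enclosing method starts and ends outside this hunk.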