Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
| Context not available. | |||||
| // We expect a BREACH-mitigating token. See T3684. | // We expect a BREACH-mitigating token. See T3684. | ||||
| $breach_prefix = $this->getBREACHPrefix(); | $breach_prefix = $this->getBREACHPrefix(); | ||||
| $breach_prelen = strlen($breach_prefix); | $breach_prelen = @strlen($breach_prefix); | ||||
| if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) { | if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) { | ||||
| return false; | return false; | ||||
| } | } | ||||
| $salt = substr($token, $breach_prelen, $salt_length); | $salt = @substr($token, $breach_prelen, $salt_length); | ||||
| $token = substr($token, $breach_prelen + $salt_length); | $token = @substr($token, $breach_prelen + $salt_length); | ||||
| foreach ($this->getWindowOffsets() as $offset) { | foreach ($this->getWindowOffsets() as $offset) { | ||||
| $expect_token = $this->newRawToken($salt, $offset); | $expect_token = $this->newRawToken($salt, $offset); | ||||
| Context not available. | |||||
| $secret.$time_block.$salt, | $secret.$time_block.$salt, | ||||
| 'csrf'); | 'csrf'); | ||||
| return substr($hash, 0, $this->getTokenLength()); | return @substr($hash, 0, $this->getTokenLength()); | ||||
| } | } | ||||
| private function getBREACHPrefix() { | private function getBREACHPrefix() { | ||||
| Context not available. | |||||
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0