Skip to content

Commit

Permalink
constant time comparsion does not actually add any value
Browse files Browse the repository at this point in the history
  • Loading branch information
@kraih
kraih committed Oct 12, 2015
1 parent 5906ddc commit e8f9a0e
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions lib/Mojolicious/Validator/Validation.pm
View file
@@ -1,8 +1,7 @@
package Mojolicious::Validator::Validation;
use Mojo::Base -base;

use Carp ();
use Mojo::Util 'secure_compare';
use Carp ();
use Scalar::Util ();

has [qw(csrf_token topic validator)];
Expand Down Expand Up @@ -39,7 +38,7 @@ sub csrf_protect {
my $self = shift;
my $token = $self->input->{csrf_token};
$self->error(csrf_token => ['csrf_protect'])
unless $token && secure_compare($token, $self->csrf_token // '');
unless $token && $token eq ($self->csrf_token // '');
return $self;
}

Expand Down

0 comments on commit e8f9a0e

Please sign in to comment.