Skip to content

Commit

Permalink
perform a constant time comparison
Browse files Browse the repository at this point in the history
  • Loading branch information
@kraih
kraih committed Oct 12, 2015
1 parent 0cc79c4 commit 5906ddc
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions lib/Mojolicious/Validator/Validation.pm
View file
@@ -1,7 +1,8 @@
package Mojolicious::Validator::Validation;
use Mojo::Base -base;

use Carp ();
use Carp ();
use Mojo::Util 'secure_compare';
use Scalar::Util ();

has [qw(csrf_token topic validator)];
Expand Down Expand Up @@ -38,7 +39,7 @@ sub csrf_protect {
my $self = shift;
my $token = $self->input->{csrf_token};
$self->error(csrf_token => ['csrf_protect'])
unless $token && $token eq ($self->csrf_token // '');
unless $token && secure_compare($token, $self->csrf_token // '');
return $self;
}

Expand Down

0 comments on commit 5906ddc

Please sign in to comment.