hash_equals( string $a, string $b )

Timing attack safe string comparison

Contents

Description Description

Compares two strings using the same time whether they’re equal or not.

This function was added in PHP 5.6.

Note: It can leak the length of a string when arguments of differing length are supplied.

Parameters Parameters

$a

(string) (Required) Expected string.

$b

(string) (Required) Actual, user supplied, string.

Top ↑

Return Return

(bool) Whether strings are equal.

Top ↑

Source Source

File: wp-includes/compat.php 

	function hash_equals( $a, $b ) {
		$a_length = strlen( $a );
		if ( $a_length !== strlen( $b ) ) {
			return false;
		}
		$result = 0;

		// Do not attempt to "optimize" this.
		for ( $i = 0; $i < $a_length; $i++ ) {
			$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
		}

		return $result === 0;
	}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
3.9.2 Introduced.

Top ↑

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/comment.php: wp_get_unapproved_comment_author_email()

Get unapproved comment author’s email.
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php: WP_REST_Posts_Controller::get_item_permissions_check()

Checks if a given request has access to read a post.
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php: WP_REST_Posts_Controller::can_access_password_content()

Checks if the user can access password-protected content.
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::render_nav_menu_partial()

Render a specific menu via wp_nav_menu() using the supplied arguments.
wp-includes/pluggable.php: wp_verify_nonce()

Verify that correct nonce was used with time limit.
wp-includes/pluggable.php: wp_check_password()

Checks the plaintext password against the encrypted Password.
wp-includes/pluggable.php: wp_validate_auth_cookie()

Validates authentication cookie.
wp-includes/user.php: check_password_reset_key()

Retrieves a user row based on password reset key and login
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::sanitize_widget_instance()

Sanitizes a widget instance.
Show 4 more used by Hide more used by

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.