Changes between Initial Version and Version 1 of Ticket #16827, comment 7
Timestamp: Feb 10, 2012, 10:20:37 PM (13 years ago)
Ticket #16827, comment 7
aashu_dwivedi: The length check is worth fixing. It is true that the constant_time_compare will fail early if the lengths do not match, but the performance concern is in the regex applied to sanitize the string before it gets to constant_time_compare.

In [17500]:
{{{
…
Fixes #16827. Adds a length check to CSRF tokens before applying the sanitizing regex. Thanks to jedie for the report and zsiciarz for the initial patch.
}}}
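The ordering described in this comment, as an added sketch that is not Django's code and not part of the ticket: the length check runs before the sanitizing regex, so an oversized value is discarded without the regex ever scanning it. `CSRF_KEY_LENGTH`, `new_csrf_key`, `sanitize_token` and `tokens_match` are names assumed for this illustration, and `hmac.compare_digest` stands in for `constant_time_compare`.

```python
import hmac
import re
import secrets

# Assumed token length for this sketch; not taken from the ticket.
CSRF_KEY_LENGTH = 32

_NON_ALNUM = re.compile(r"[^a-zA-Z0-9]+")


def new_csrf_key():
    """Return a fresh random token of CSRF_KEY_LENGTH hex characters."""
    return secrets.token_hex(CSRF_KEY_LENGTH // 2)


def sanitize_token(token):
    """Return a token that is safe to compare, replacing unusable input."""
    # Length check first: a value longer than a real token can never match,
    # so it is replaced in constant time instead of being fed to the regex,
    # whose cost grows with the size of the attacker-supplied string.
    if len(token) > CSRF_KEY_LENGTH:
        return new_csrf_key()
    # Only now strip characters that cannot appear in a valid token.
    token = _NON_ALNUM.sub("", token)
    if token == "":
        # Nothing usable was left; fall back to a fresh token.
        return new_csrf_key()
    return token


def tokens_match(submitted, expected):
    """Compare the sanitized submitted token to the expected one."""
    candidate = sanitize_token(submitted)
    # compare_digest exits early on a length mismatch but does not leak
    # the position of the first differing character.
    return hmac.compare_digest(candidate.encode("ascii"), expected.encode("ascii"))


if __name__ == "__main__":
    expected = new_csrf_key()
    oversized = "A" * 1_000_000  # constructed sample of an oversized cookie value
    print(tokens_match(expected, expected))   # matching token
    print(tokens_match(oversized, expected))  # rejected before the regex runs
```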