diff options
| author | Ivan Kurnosov <zerkms@zerkms.com> | 2015-03-25 17:29:41 +1300 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-03-25 09:38:46 +0100 |
| commit | ee7e5319d0a164be841bf1651c51fc2d09b17698 (patch) | |
| tree | 0abc7f9263e95e8da4fa6eb61a42c3525410cbf9 /Http | |
| parent | fedc844595d0871c5f17169ab82af83085215684 (diff) | |
| download | symfony-security-ee7e5319d0a164be841bf1651c51fc2d09b17698.zip symfony-security-ee7e5319d0a164be841bf1651c51fc2d09b17698.tar.gz symfony-security-ee7e5319d0a164be841bf1651c51fc2d09b17698.tar.bz2 | |
StringUtils::equals() arguments in RememberMe Cookie based implementation are confused
It must be the other way around
Diffstat (limited to 'Http')
| -rw-r--r-- | Http/RememberMe/TokenBasedRememberMeServices.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php index 9042963..3fe39ac 100644 --- a/Http/RememberMe/TokenBasedRememberMeServices.php +++ b/Http/RememberMe/TokenBasedRememberMeServices.php @@ -54,7 +54,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user))); } - if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) { + if (true !== StringUtils::equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) { throw new AuthenticationException('The cookie\'s hash is invalid.'); } |