Changes between Initial Version and Version 1 of Ticket #16827, comment 7


Ignore:
Timestamp:
02/10/2012 10:20:37 PM (9 years ago)
Author:
Paul McMillan
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #16827, comment 7

    initial v1  
     1aashu_dwivedi: The length check is worth fixing. It is true that the constant_time_compare will fail early if the lengths do not match, but the performance concern is in the regex applied to sanitize the string before it gets to constant_time_compare.
     2
    13In [17500]:
    24{{{
     
    46Fixes #16827. Adds a length check to CSRF tokens before applying the santizing regex. Thanks to jedie for the report and zsiciarz for the initial patch.
    57}}}
     8
Back to Top