src/applications/auth/controller/PhabricatorAuthController.php
| Show First 20 Lines • Show All 203 Lines • ▼ Show 20 Lines | protected function loadAccountForRegistrationOrLinking($account_key) { | ||||
| } | } | ||||
| // We store the digest of the key rather than the key itself to prevent a | // We store the digest of the key rather than the key itself to prevent a | ||||
| // theoretical attacker with read-only access to the database from | // theoretical attacker with read-only access to the database from | ||||
| // hijacking registration sessions. | // hijacking registration sessions. | ||||
| $actual = $account->getProperty('registrationKey'); | $actual = $account->getProperty('registrationKey'); | ||||
| $expect = PhabricatorHash::digest($registration_key); | $expect = PhabricatorHash::digest($registration_key); | ||||
| if ($actual !== $expect) { | if (!phutil_hashes_are_identical($actual, $expect)) { | ||||
| $response = $this->renderError( | $response = $this->renderError( | ||||
| pht( | pht( | ||||
| 'Your browser submitted a different registration key than the one '. | 'Your browser submitted a different registration key than the one '. | ||||
| 'associated with this account. You may need to clear your cookies.')); | 'associated with this account. You may need to clear your cookies.')); | ||||
| return array($account, $provider, $response); | return array($account, $provider, $response); | ||||
| } | } | ||||
| $other_account = id(new PhabricatorExternalAccount())->loadAllWhere( | $other_account = id(new PhabricatorExternalAccount())->loadAllWhere( | ||||
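Review bot: The new check `if (!phutil_hashes_are_identical($actual, $expect))` may handle a missing stored key differently from the old `!==`, because `$actual` comes straight from `$account->getProperty('registrationKey')` with no type check. If that call can return null for an account that has no registration key, and the helper rejects non-string arguments (neither definition is visible here, so confirm both), the request would end in an exception rather than the rendered "different registration key" error. A guard keeps the old failure path: `if (!is_string($actual) || !phutil_hashes_are_identical($actual, $expect)) {`. The comment above the comparison could also gain one line, `// Compare in constant time so response timing does not leak the stored digest.`, so the helper is not later swapped back for `!==`. The enclosing function starts and ends outside the lines shown.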