Changeset 10991

Timestamp:

08/04/2016 08:57:50 PM (9 years ago)

Author:

djpaul

Message:

Settings: use hash_equals() to update user profile (2.6 branch).

File:

• branches/2.6/src/bp-settings/bp-settings-actions.php (modified) (1 diff)

branches/2.6/src/bp-settings/bp-settings-actions.php

@@ -445 +445 @@
 
         // Bail if the hash provided doesn't match the one saved in the database.
-        if ( urldecode( $_GET['verify_email_change'] ) !== $pending_email['hash'] ) {
+        if ( ! hash_equals( urldecode( $_GET['verify_email_change'] ), $pending_email['hash'] ) ) {
             return;
         }