xamxam/app/public/admin/actions/account.php at f398a0f1ff29320d457330fd18c769da5f06b36c

mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00

Files

Pontoporeia f398a0f1ff Fix non-constant-time credential comparisons

- account.php: replace !== CSRF token check with hash_equals
- ShareLink::setPassword(): also encrypt and store plain-text password
  alongside the hash, matching create() behavior so the decrypted_password
  decoration stays correct after password updates

2026-05-31 17:49:43 +02:00

3.5 KiB

Raw Blame History

View Raw

3.5 KiB Raw Blame History

3.5 KiB

Raw Blame History