Use lowercase for hmac hash algorithm (#38787)
Krisell authored Sep 13, 2021
1 parent 50eca08 commit 510651a
Showing 2 changed files with 3 additions and 3 deletions.
Expand Up @@ -48,7 +48,7 @@ if (isset($_COOKIE['laravel_maintenance']) && isset($data['secret'])) {
if (is_array($payload) &&
is_numeric($payload['expires_at'] ?? null) &&
isset($payload['mac']) &&
hash_equals(hash_hmac('SHA256', $payload['expires_at'], $data['secret']), $payload['mac']) &&
hash_equals(hash_hmac('sha256', $payload['expires_at'], $data['secret']), $payload['mac']) &&
(int) $payload['expires_at'] >= time()) {
return;
}
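Review bot: `isset($payload['mac'])` only proves the key is present, so a cookie whose decoded `mac` is an array or a number still reaches `hash_equals()` on the changed line. On PHP 8 that raises a TypeError rather than failing the check quietly (PHP 7 emits a warning and returns false), and the cookie is unauthenticated input at this point. The guard would be safer as `is_string($payload['mac']) &&`. The same pattern appears in the `isValid` hunk of the second file. The enclosing `if (isset($_COOKIE['laravel_maintenance']) && isset($data['secret']))` block starts above this hunk, so how `$payload` is decoded is not visible here.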
Expand Up @@ -19,7 +19,7 @@ public static function create(string $key)

return new Cookie('laravel_maintenance', base64_encode(json_encode([
'expires_at' => $expiresAt->getTimestamp(),
'mac' => hash_hmac('SHA256', $expiresAt->getTimestamp(), $key),
'mac' => hash_hmac('sha256', $expiresAt->getTimestamp(), $key),
])), $expiresAt);
}

Expand All @@ -37,7 +37,7 @@ public static function isValid(string $cookie, string $key)
return is_array($payload) &&
is_numeric($payload['expires_at'] ?? null) &&
isset($payload['mac']) &&
hash_equals(hash_hmac('SHA256', $payload['expires_at'], $key), $payload['mac']) &&
hash_equals(hash_hmac('sha256', $payload['expires_at'], $key), $payload['mac']) &&
(int) $payload['expires_at'] >= Carbon::now()->getTimestamp();
}
}
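Review bot: The algorithm name remains a bare string literal repeated in `create` and `isValid`, so signing and verification can drift apart the next time only one of them is edited. A single `private const MAC_ALGORITHM = 'sha256';` used by both `hash_hmac` calls would keep them in lockstep. In `create`, `$expiresAt->getTimestamp()` is passed as the HMAC message as an int, which relies on implicit int-to-string coercion and would fail under `declare(strict_types=1)`; `(string) $expiresAt->getTimestamp()` makes the signed value explicit. Both method bodies begin outside the visible hunks.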
