=== changed to hash_equals

Dylan-DPC-zz · Sep 20, 2017 · 09fd8d1 · 09fd8d1
1 parent 5c44abf
commit 09fd8d1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/HMacValidator.php b/src/HMacValidator.php
@@ -28,7 +28,7 @@ protected function validate(array $params, $hmac): bool
     {
         $paramString = http_build_query($params);
         $hash = hash_hmac('sha256', $paramString, config('nonce.secret'));
-        return $hash === $hmac;
+        return hash_equals($hmac, $hash);
 
     }
 }