From c9f1aa4e453197fd32e49ce537635b11c670adb7 Mon Sep 17 00:00:00 2001 From: Quinn Chrzan Date: Thu, 5 Jun 2014 16:20:05 -0400 Subject: Minor style fixes to improve readability in HMAC authentication --- system/libraries/Session.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 89c699765..b6c53c71d 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -145,7 +145,9 @@ class CI_Session { } // HMAC authentication - if (($len = strlen($session) - 40) <= 0) + $len = strlen($session) - 40; + + if ($len <= 0) { log_message('error', 'Session: The session cookie was not signed.'); return FALSE; @@ -158,9 +160,11 @@ class CI_Session { // Time-attack-safe comparison $hmac_check = hash_hmac('sha1', $session, $this->encryption_key); $diff = 0; + for ($i = 0; $i < 40; $i++) { - $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]); + $xor = ord($hmac[$i]) ^ ord($hmac_check[$i]); + $diff |= $xor; } if ($diff !== 0) @@ -789,4 +793,4 @@ class CI_Session { // END Session Class /* End of file Session.php */ -/* Location: ./system/libraries/Session.php */ \ No newline at end of file +/* Location: ./system/libraries/Session.php */ -- cgit v1.2.3-24-g4f1b From 41fb2434ab7cd0fb373bbf966175e1abfad6603b Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 5 Jun 2014 14:21:16 -0700 Subject: Updating release date --- user_guide/changelog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide/changelog.html b/user_guide/changelog.html index ff6603d8b..ee5021dc9 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -58,7 +58,7 @@ Change Log

Change Log

Version 2.2.0

-

Release Date: June 2, 2014

+

Release Date: June 5, 2014