From 543392619186ad618cdb6931af8d564b9ef17f05 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Thu, 10 Nov 2022 21:23:53 +0530
Subject: [PATCH] Use hash_equals

---
 lib/Controller/EmailRecoveryApiController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Controller/EmailRecoveryApiController.php b/lib/Controller/EmailRecoveryApiController.php
index 19acb13..967645f 100644
--- a/lib/Controller/EmailRecoveryApiController.php
+++ b/lib/Controller/EmailRecoveryApiController.php
@@ -92,6 +92,6 @@ class EmailRecoveryApiController extends ApiController {
 private function checkAppCredentials(string $token) {
 $storage_secret = $_ENV['NEXTCLOUD_EMAIL_RECOVERY_APP_SECRET'];
- return strcmp($token, $storage_secret) === 0;
+ return hash_equals($storage_secret, $token);
 }
 }
-- 
GitLab
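Review bot: In checkAppCredentials the secret read from `$_ENV['NEXTCLOUD_EMAIL_RECOVERY_APP_SECRET']` goes into `hash_equals()` without any check that it is configured. If the variable is missing, the first argument is null, and on PHP 8 `hash_equals()` raises a TypeError rather than returning false. If it is set to an empty string, the comparison can succeed for an empty token. A guard before the comparison makes the function fail closed, for example `if (!is_string($storage_secret) || $storage_secret === '') { return false; }`, ideally with a log entry so the misconfiguration is visible to operators. Whether `$_ENV` is populated at all depends on the `variables_order` setting of the deployment, which the patch does not show, so it is worth confirming, and a `: bool` return type on the method would document the contract.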