From b9f4eec4c61d02fa29ef9a9b231a4fde8c91b861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roger=20Vil=C3=A0?= Date: Tue, 26 Sep 2023 18:36:28 +0200 Subject: [PATCH] Check payments with hash_equals() --- src/Sermepa/Tpv/Tpv.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Sermepa/Tpv/Tpv.php b/src/Sermepa/Tpv/Tpv.php index eb03763..0161b1e 100644 --- a/src/Sermepa/Tpv/Tpv.php +++ b/src/Sermepa/Tpv/Tpv.php @@ -875,7 +875,7 @@ public function check($key, $postData) $signatureReceived = $postData["Ds_Signature"]; $signature = $this->generateMerchantSignatureNotification($key, $parameters); - return ($signature === $signatureReceived); + return hash_equals($signature, $signatureReceived); } /**