Commit bb605a6b authored by Christopher Speller's avatar Christopher Speller Committed by Carlos Tadeu Panato Junior

Changing comparison method. (#9383)

parent 72258266
......@@ -4,6 +4,7 @@
package api4
import (
"crypto/subtle"
"io"
"io/ioutil"
"net/http"
......@@ -342,7 +343,7 @@ func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if hash != app.GeneratePublicLinkHash(info.Id, *c.App.Config().FileSettings.PublicLinkSalt) {
if subtle.ConstantTimeCompare([]byte(hash), []byte(app.GeneratePublicLinkHash(info.Id, *c.App.Config().FileSettings.PublicLinkSalt))) != 1 {
c.Err = model.NewAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "", http.StatusBadRequest)
utils.RenderWebAppError(c.App.Config(), w, r, c.Err, c.App.AsymmetricSigningKey())
return
......
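Review bot: The switch to `subtle.ConstantTimeCompare` in getPublicFile carries no comment saying why, so a later cleanup could easily turn the condition back into a plain `!=`. I would hoist the expected value into a local, `expected := app.GeneratePublicLinkHash(info.Id, *c.App.Config().FileSettings.PublicLinkSalt)`, and put `// Constant-time compare: hash is caller-supplied, so != would leak how many leading bytes matched.` above the check (assuming `hash` is read from the request, which happens outside this hunk). Note that `ConstantTimeCompare` returns 0 immediately when the two lengths differ, which is acceptable only because the length of a public-link hash is not secret. The function body starts and ends outside the hunk, so any other use of `hash` there is not covered by this note.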