hash_equals

The timeline below displays how wordpress function hash_equals has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: .10

/**
 * Compare two strings in constant time.
 *
 * This function is NOT pluggable. It is in this file (in addition to
 * compat.php) to prevent errors if, during an update, pluggable.php
 * copies over but compat.php does not.
 *
 * This function was added in PHP 5.6.
 * It can leak the length of a string.
 *
 * @since 3.9.2
 *
 * @param string $a Expected string.
 * @param string $b Actual string.
 * @return bool Whether strings are equal.
 */
function hash_equals($a, $b)
{
    $a_length = strlen($a);
    if ($a_length !== strlen($b)) {
        return false;
    }
    $result = 0;
    // Do not attempt to "optimize" this.
    for ($i = 0; $i < $a_length; $i++) {
        $result |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $result === 0;
}