From cf59eee98c358a96dd40718eac4bf60416dea482 Mon Sep 17 00:00:00 2001
From: EdOverflow <diopterasec@gmail.com>
Date: Wed, 4 Jan 2017 16:59:14 +0100
Subject: [PATCH] Add hash_equals

---
 controller/credentialcontroller.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php
index 51645fb7..3c6dd6b5 100644
--- a/controller/credentialcontroller.php
+++ b/controller/credentialcontroller.php
@@ -142,7 +142,7 @@ class CredentialController extends ApiController {
 		);
 
 
-		if ($storedCredential->getUserId() !== $this->userId) {
+		if (!hash_equals($storedCredential->getUserId(), $this->userId)) {
 			$acl = $this->sharingService->getCredentialAclForUser($this->userId, $storedCredential->getGuid());
 			if ($acl->hasPermission(SharingACL::WRITE)) {
 				$credential['shared_key'] = $storedCredential->getSharedKey();
@@ -219,7 +219,7 @@ class CredentialController extends ApiController {
 					'', array(),
 					$link, $target_user, Activity::TYPE_ITEM_ACTION);
 			}
-			if ($this->userId !== $storedCredential->getUserId()) {
+			if (!hash_equals($this->userId, $storedCredential->getUserId())) {
 				$this->activityService->add(
 					$activity, $params,
 					'', array(),