fix order of hash_equals

mevdschee · mevdschee · commit 8b3b0a432739 · 2019-08-15T15:58:53.000+02:00
diff --git a/api.php b/api.php
@@ -7528,11 +7528,7 @@ private function getVerifiedClaims(string $token, int $time, int $leeway, int $t
             switch ($algorithm[0]) {
                 case 'H':
                     $hash = hash_hmac($hmac, $data, $secret, true);
-                    if (function_exists('hash_equals')) {
-                        $equals = hash_equals($signature, $hash);
-                    } else {
-                        $equals = $signature == $hash;
-                    }
+                    $equals = hash_equals($hash, $signature);
                     if (!$equals) {
                         return array();
                     }
