From ea8da6e09146c7eac35c678c19bafa731d184cf2 Mon Sep 17 00:00:00 2001
From: Ivan Kurnosov <zerkms@zerkms.com>
Date: Wed, 25 Mar 2015 17:29:41 +1300
Subject: [PATCH] StringUtils::equals() arguments in RememberMe Cookie based
 implementation are confused

It must be the other way around
---
 .../Security/Http/RememberMe/TokenBasedRememberMeServices.php   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
index 9042963b27..3fe39ac1d0 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -54,7 +54,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
             throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
         }
 
-        if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
+        if (true !== StringUtils::equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {
             throw new AuthenticationException('The cookie\'s hash is invalid.');
         }