From 000bd0d863e4eb68f72d422981379472977f9e83 Mon Sep 17 00:00:00 2001
From: Yosmany Garcia
Date: Tue, 5 Aug 2014 20:01:06 -0400
Subject: [PATCH] Made optimization deprecating modulus operator

---
 .../Component/Security/Core/Util/StringUtils.php | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/Symfony/Component/Security/Core/Util/StringUtils.php b/src/Symfony/Component/Security/Core/Util/StringUtils.php
index d47bd4bb37..eaeed84779 100644
--- a/src/Symfony/Component/Security/Core/Util/StringUtils.php
+++ b/src/Symfony/Component/Security/Core/Util/StringUtils.php
@@ -35,23 +35,19 @@ class StringUtils
 */
 public static function equals($knownString, $userInput)
 {
- // Prevent issues if string length is 0
- $knownString .= chr(0);
- $userInput .= chr(0);
-
 $knownLen = strlen($knownString);
 $userLen = strlen($userInput);
 
+ // Extend know string to avoid uninitialized string offsets
+ $knownString .= $userInput;
+
 // Set the result to the difference between the lengths
 $result = $knownLen - $userLen;
 
 // Note that we ALWAYS iterate over the user-supplied length
 // This is to prevent leaking length information
 for ($i = 0; $i < $userLen; $i++) {
- // Using % here is a trick to prevent notices
- // It's safe, since if the lengths are different
- // $result is already non-0
- $result |= (ord($knownString[$i % $knownLen]) ^ ord($userInput[$i]));
+ $result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
 }
 
 // They are only identical strings if $result is exactly 0...