From e5cc9987ae5fbb8717d83ccf808315df1624f598 Mon Sep 17 00:00:00 2001
From: Michael Snoyman
Date: Tue, 19 Feb 2019 03:58:31 +0200
Subject: [PATCH] Move from byteable to memory
---
 yesod-core/Yesod/Core/Handler.hs | 6 +++---
 yesod-core/yesod-core.cabal | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/yesod-core/Yesod/Core/Handler.hs b/yesod-core/Yesod/Core/Handler.hs
index ab0a1d8d..ddf4861c 100644
--- a/yesod-core/Yesod/Core/Handler.hs
+++ b/yesod-core/Yesod/Core/Handler.hs
@@ -228,7 +228,7 @@ import qualified Data.ByteString.Lazy as L
 import qualified Data.Map as Map
 import qualified Data.HashMap.Strict as HM
-import Data.Byteable (constEqBytes)
+import Data.ByteArray (constEq)
 import Control.Arrow ((***))
 import qualified Data.ByteString.Char8 as S8
@@ -1648,8 +1648,8 @@ checkCsrfHeaderOrParam headerName paramName = do
 permissionDenied errorMessage
 validCsrf :: Maybe Text -> Maybe S.ByteString -> Bool
--- It's important to use constant-time comparison (constEqBytes) in order to avoid timing attacks.
-validCsrf (Just token) (Just param) = encodeUtf8 token `constEqBytes` param
+-- It's important to use constant-time comparison (constEq) in order to avoid timing attacks.
+validCsrf (Just token) (Just param) = encodeUtf8 token `constEq` param
 validCsrf Nothing _param = True
 validCsrf (Just _token) Nothing = False
diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal
index 9fc79e27..3bc92f64 100644
--- a/yesod-core/yesod-core.cabal
+++ b/yesod-core/yesod-core.cabal
@@ -27,7 +27,6 @@ library
 , auto-update
 , blaze-html >= 0.5
 , blaze-markup >= 0.7.1
- , byteable
 , bytestring >= 0.10.2
 , case-insensitive >= 0.2
 , cereal >= 0.3
@@ -39,6 +38,7 @@ library
 , deepseq >= 1.3
 , fast-logger >= 2.2
 , http-types >= 0.7
+ , memory
 , monad-logger >= 0.3.10 && < 0.4
 , mtl
 , parsec >= 2 && < 3.2
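Review bot: In `validCsrf` (Yesod/Core/Handler.hs, second hunk) the updated comment explains the constant-time comparison, but the `validCsrf Nothing _param = True` clause directly below it is still undocumented, and it is the branch that accepts a request without comparing anything. If passing when the first argument (presumably the stored session token) is absent is intentional, say so next to that clause, e.g. `-- No stored token to compare against, so the check passes by design.` The comparison comment could also state its limits: as far as I know `constEq` returns early when the two lengths differ, so only the token bytes and not the token length are protected, e.g. `-- constEq is constant-time for equal-length inputs; the token length is not treated as secret.` The callers of `validCsrf` lie outside this hunk, so confirm the intended behaviour against them.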
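Review bot: `memory` is added to the library's dependency list in yesod-core.cabal (last hunk) without any version bound, although it now supplies the constant-time comparison used for the CSRF token check. A lower bound set to the oldest release this was built and tested against, in the form `, memory >= <oldest tested version>`, would keep the solver from selecting a release whose `Data.ByteArray.constEq` was never reviewed. The removed `byteable` entry was unbounded too, so this matches the file's existing practice, but it is worth tightening for a security-relevant primitive.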