From 1762f469dae74c0cdf6a28941168130795fee942 Mon Sep 17 00:00:00 2001
From: matical
Date: Thu, 9 Jan 2025 23:02:14 +0800
Subject: [PATCH] Make use of timing-safe functions to compare HMAC signatures
---
 src/Webhooks/IncomingWebhook.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Webhooks/IncomingWebhook.php b/src/Webhooks/IncomingWebhook.php
index 93b7893..ebdd012 100644
--- a/src/Webhooks/IncomingWebhook.php
+++ b/src/Webhooks/IncomingWebhook.php
@@ -78,7 +78,7 @@ protected function validateSignature(): void
 $signature = $this->generateSignature();
 $header = $this->findHeader(self::SIGNATURE_HEADERS);
- if ($signature !== $header) {
+ if (hash_equals($signature, $header) === false) {
 throw new InvalidSignatureException($signature, $header);
 }
 }
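Review bot: `hash_equals()` requires both arguments to be strings, so if `findHeader()` can return null when no signature header is present (its return type is not visible here), the new check raises a TypeError on PHP 8 instead of the InvalidSignatureException that `!==` produced. Guard the type first, e.g. `if (!is_string($header) || !hash_equals($signature, $header)) {`. The argument order (computed HMAC first, request-supplied value second) is correct. Separately, the exception is still built with the expected `$signature`; if its message can reach a response or a shared log, that would disclose the valid HMAC for the payload, which is worth confirming. The opening of validateSignature() lies outside the hunk.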