From 169bf13f5dfdb1dbd5246d4bb2df91289f6d2a06 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 7 Oct 2024 23:48:52 +0200
Subject: [PATCH] post.php: use hash_equals to compare post deletion password

---
 post.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/post.php b/post.php
index 51141725..ae1361ce 100644
--- a/post.php
+++ b/post.php
@@ -512,8 +512,8 @@ function handle_delete()
 
             if (
                 $password != ''
-                && $post['password'] != $password
-                && (!$thread || $thread['password'] != $password)
+                && !hash_equals($post['password'], $password)
+                && (!$thread || !hash_equals($thread['password'], $password))
                 && !$is_mod
             ) {
                 error($config['error']['invalidpassword']);