From 2a7c68624724143884cc949338cacb95d238e317 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 31 Mar 2026 23:56:03 +0200
Subject: [PATCH] Use timeing-safe password comparison

AI-assistant: Copilot v1.0.7 (Claude Opus 4.6)

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 4b23f746..30bcff98 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -657,7 +657,7 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException("Please enter your current password.");
         }
 
-        if ($currentPassword !== $this->password) {
+        if (!hash_equals($this->password, $currentPassword)) {
             throw new InvalidSettingConfigurationException("The entered current password is not correct.");
         }