Merge branch 'master' of github.com:dintel/php-github-webhook

dmitryablecanyon · Nov 12, 2015 · b6a3bae · b6a3bae
2 parents 5a4014b + ee38a76
commit b6a3bae
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/Handler.php b/src/Handler.php
@@ -87,7 +87,13 @@ public function validate()
     protected function validateSignature($gitHubSignatureHeader, $payload)
     {
         list ($algo, $gitHubSignature) = explode("=", $gitHubSignatureHeader);
+
+        if ($algo !== 'sha1') {
+            // see https://developer.github.com/webhooks/securing/
+            return false;
+        }
+
         $payloadHash = hash_hmac($algo, $payload, $this->secret);
-        return ($payloadHash == $gitHubSignature);
+        return ($payloadHash === $gitHubSignature);
     }
 }