Merge pull request #123 from silverstripe/FIX/consistent_response_times

Ensure time comparisons use floats
silverstripe · Jan 8, 2018 · 6314686 · 6314686
2 parents 31e670c + e030e6e
commit 6314686
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/code/authenticators/LDAPLoginForm.php b/code/authenticators/LDAPLoginForm.php
@@ -110,7 +110,8 @@ public function __construct($controller, $name, $fields = null, $actions = null,
      */
     public function forgotPassword($data)
     {
-        $startTime = microtime();
+        // Passing true returns a float rather than a string
+        $startTime = microtime(true);
         // No need to protect against injections, LDAPService will ensure that this is safe
         $login = trim($data['Login']);
 
@@ -210,7 +211,7 @@ protected function consistentResponseTime($startTime)
             return;
         }
 
-        $timeTaken = microtime() - $startTime;
+        $timeTaken = microtime(true) - $startTime;
         if ($timeTaken < self::RESPONSE_TIME) {
             $sleepTime = self::RESPONSE_TIME - $timeTaken;
             // usleep takes microseconds, so we times our sleep period by 1mil (1mil ms = 1s)