Diffstat (limited to 'lib/facebook-graph-sdk/src/Facebook/SignedRequest.php')
-rw-r--r-- | lib/facebook-graph-sdk/src/Facebook/SignedRequest.php | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/lib/facebook-graph-sdk/src/Facebook/SignedRequest.php b/lib/facebook-graph-sdk/src/Facebook/SignedRequest.php
index 77099a3..6a175a0 100644
--- a/lib/facebook-graph-sdk/src/Facebook/SignedRequest.php
+++ b/lib/facebook-graph-sdk/src/Facebook/SignedRequest.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright 2014 Facebook, Inc.
+ * Copyright 2017 Facebook, Inc.
 *
 * You are hereby granted a non-exclusive, worldwide, royalty-free license to
 * use, copy, modify, and distribute this software in source code or binary
@@ -164,7 +164,7 @@ class SignedRequest
 /**
 * Splits a raw signed request into signature and payload.
 *
- * @returns array
+ * @return array
 *
 * @throws FacebookSDKException
 */
@@ -182,7 +182,7 @@ class SignedRequest
 *
 * @param string $encodedSig
 *
- * @returns string
+ * @return string
 *
 * @throws FacebookSDKException
 */
@@ -202,7 +202,7 @@ class SignedRequest
 *
 * @param string $encodedPayload
 *
- * @returns array
+ * @return array
 *
 * @throws FacebookSDKException
 */
@@ -268,14 +268,8 @@ class SignedRequest
 */
 protected function validateSignature($hashedSig, $sig)
 {
- if (mb_strlen($hashedSig) === mb_strlen($sig)) {
- $validate = 0;
- for ($i = 0; $i < mb_strlen($sig); $i++) {
- $validate |= ord($hashedSig[$i]) ^ ord($sig[$i]);
- }
- if ($validate === 0) {
- return;
- }
+ if (\hash_equals($hashedSig, $sig)) {
+ return;
 }

 throw new FacebookSDKException('Signed request has an invalid signature.', 602); |
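Review bot: The new `\hash_equals($hashedSig, $sig)` call in validateSignature() relies on both arguments already being strings and on `hash_equals` being available (PHP 5.6+ or a polyfill loaded before this class), and neither is visible in this hunk. With a non-string argument the built-in raises a warning or, on PHP 8, a TypeError instead of the FacebookSDKException with code 602 that callers presumably catch. If the callers do not already guarantee strings, guard the comparison: `if (is_string($hashedSig) && is_string($sig) && \hash_equals($hashedSig, $sig)) {`. The argument order (locally computed hash first, supplied signature second) matches the known/user order the function expects, and a one-line comment such as `// constant-time compare; do not replace with ===` would keep that intent explicit. The method's docblock and closing brace lie outside the hunk.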