From 51f33aa67182f3a8c42d330a64ab9af7769fc315 Mon Sep 17 00:00:00 2001
From: CasEbb <617080+CasEbb@users.noreply.github.com>
Date: Thu, 21 Aug 2025 08:18:19 +0200
Subject: [PATCH] Use constant-time string comparison in `verifyNotification`
---
 src/Util/Notification.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Util/Notification.php b/src/Util/Notification.php
index 63d80fa..928d028 100644
--- a/src/Util/Notification.php
+++ b/src/Util/Notification.php
@@ -50,6 +50,6 @@ public static function verifyNotification(
 $payload = $timestamp . ':' . $request;
 $hash = hash_hmac('sha512', $payload, trim($apiKey));
- return $hash === $sha512hexPayload;
+ return hash_equals($hash, $sha512hexPayload);
 }
 }
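Review bot: `hash_equals()` requires both arguments to be strings, so on the new return line a non-string `$sha512hexPayload` (for example a missing signature passed through as null) raises a TypeError on PHP 8 or a warning on PHP 7, where the old `===` simply returned false. The parameter list of `verifyNotification` starts outside the hunk, so whether that parameter is declared `string` cannot be seen here; if it is not, `return is_string($sha512hexPayload) && hash_equals($hash, $sha512hexPayload);` keeps the reject-by-returning-false behaviour. The argument order is correct (computed HMAC first, received value second) and deserves a one-line comment so it is not swapped later, e.g. `// constant-time compare: known HMAC first, received signature second`.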