From 397dbcc8d6238c28020ef06cfaf93fd7ec50f081 Mon Sep 17 00:00:00 2001
From: WouterJ <waldio.webdesign@gmail.com>
Date: Fri, 18 Dec 2015 11:42:20 +0100
Subject: [PATCH 1/2] Added note about the polyfill

---
 cookbook/security/custom_authentication_provider.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
index 22e190a9ba9..eebff8bd966 100644
--- a/cookbook/security/custom_authentication_provider.rst
+++ b/cookbook/security/custom_authentication_provider.rst
@@ -289,6 +289,13 @@ the ``PasswordDigest`` header value matches with the user's password.
     provider for the given token. In the case of multiple providers, the
     authentication manager will then move to the next provider in the list.
 
+.. note::
+
+    While the :phpfunction:`hash_equals` function was introduced in PHP 5.6,
+    you are safe to use it with any PHP version in your Symfony application. In
+    PHP versions prior to 5.6, `Symfony Polyfill`_ (which is included in
+    Symfony) will define the function for you.
+
 The Factory
 -----------
 
@@ -666,3 +673,4 @@ in the factory and consumed or passed to the other classes in the container.
 .. _`WSSE`: http://www.xml.com/pub/a/2003/12/17/dive.html
 .. _`nonce`: https://en.wikipedia.org/wiki/Cryptographic_nonce
 .. _`timing attacks`: https://en.wikipedia.org/wiki/Timing_attack
+.. _`Symfony Polyfill`: https://github.com/symfony/polyfill

From 3c971dd436e211cada6a76f6419a868cf4c35361 Mon Sep 17 00:00:00 2001
From: Wouter J <waldio.webdesign@gmail.com>
Date: Sun, 20 Dec 2015 12:53:19 +0100
Subject: [PATCH 2/2] Add versionadded about the polyfill

---
 cookbook/security/custom_authentication_provider.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
index eebff8bd966..89f28e79f86 100644
--- a/cookbook/security/custom_authentication_provider.rst
+++ b/cookbook/security/custom_authentication_provider.rst
@@ -295,6 +295,11 @@ the ``PasswordDigest`` header value matches with the user's password.
     you are safe to use it with any PHP version in your Symfony application. In
     PHP versions prior to 5.6, `Symfony Polyfill`_ (which is included in
     Symfony) will define the function for you.
+    
+    .. versionadded:: 2.8
+        Symfony Polyfill is included by default since Symfony 2.8. Prior to Symfony 2.8,
+        you have to execute ``composer require symfony/polyfill-php56`` to be able to
+        use ``hash_equals`` on older PHP versions.
 
 The Factory
 -----------