Accept older blowfish hashes.

Both `2a` and `2x` are valid types of blowfish hashes that, while
older, should be accepted.

Backport 00c94bd582b83f8b92228b750aea0e8816a4ea89 from 3.x to 2.5.x.
I see this as a bug fix as it fixes incompatibilities with hashes
created by hash_password().

Refs #3575
mark_story 2014-05-26 23:20:12 -04:00
parent bf9b8e1a52
commit 390441d3b9

@ -277,7 +277,12 @@ class Security {
$salt = vsprintf('$2a$%02d$%s', array(self::$hashCost, $salt));
}
if ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
$invalidCipher = (
strpos($salt, '$2y$') !== 0 &&
strpos($salt, '$2x$') !== 0 &&
strpos($salt, '$2a$') !== 0
);
if ($salt === true || $invalidCipher || strlen($salt) < 29) {
trigger_error(__d(
'cake_dev',
'Invalid salt: %s for %s Please visit http://www.php.net/crypt and read the appropriate section for building %s salts.',
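Review bot: The commit message names `2a` and `2x` as the types being accepted, but the new `$invalidCipher` expression adds `$2y$` and `$2x$`; `$2a$` was already allowed by the removed `strpos($salt, '$2a$') !== 0` condition. Please reword the message, or add a short comment above `$invalidCipher`, so the accepted prefix list is stated as `$2a$`, `$2x$` and `$2y$`. A smaller point in the same lines: the three `strpos()` calls run before the `$salt === true` guard, so they are evaluated on a boolean when no salt was supplied. Testing `$salt === true` first, or comparing the first four characters of `$salt` against an array of allowed prefixes, would keep the check readable and make adding or removing a prefix a one-line change. The salt generated a few lines above still uses `$2a$`, which is consistent with this change only widening what is accepted on verification; it would be worth saying so in the comment.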