mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Merge pull request #8658 from cakephp/empty-hashed-pw
Randomly generate a salt when the salt is '' or null.
This commit is contained in:
commit
dec291061a
2 changed files with 22 additions and 2 deletions
|
@ -151,16 +151,36 @@ class SecurityTest extends CakeTestCase {
|
|||
Security::setHash($_hashType);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that blowfish doesn't return '' when the salt is ''
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testHashBlowfishEmptySalt() {
|
||||
$test = Security::hash('password', 'blowfish');
|
||||
$this->skipIf(strpos($test, '$2a$') === false, 'Blowfish hashes are incorrect.');
|
||||
|
||||
$stored = '';
|
||||
$hash = Security::hash('anything', 'blowfish', $stored);
|
||||
$this->assertNotEquals($stored, $hash);
|
||||
|
||||
$hash = Security::hash('anything', 'blowfish', false);
|
||||
$this->assertNotEquals($stored, $hash);
|
||||
|
||||
$hash = Security::hash('anything', 'blowfish', null);
|
||||
$this->assertNotEquals($stored, $hash);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that hash() works with blowfish.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testHashBlowfish() {
|
||||
Security::setCost(10);
|
||||
$test = Security::hash('password', 'blowfish');
|
||||
$this->skipIf(strpos($test, '$2a$') === false, 'Blowfish hashes are incorrect.');
|
||||
|
||||
Security::setCost(10);
|
||||
$_hashType = Security::$hashType;
|
||||
|
||||
$key = 'someKey';
|
||||
|
|
|
@ -303,7 +303,7 @@ class Security {
|
|||
* @return string The hashed string or an empty string on error.
|
||||
*/
|
||||
protected static function _crypt($password, $salt = false) {
|
||||
if ($salt === false) {
|
||||
if ($salt === false || $salt === null || $salt === '') {
|
||||
$salt = static::_salt(22);
|
||||
$salt = vsprintf('$2a$%02d$%s', array(static::$hashCost, $salt));
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue