From 16e5d0dc350fbeb15bf662757dba21bd0e729e8c Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 27 Jun 2013 14:25:50 +0200 Subject: [PATCH] [feature/passwords] Fix minor code limitations in helper These limitations caused it to only allow a specific input to combined hashes. PHPBB3-11610 --- phpBB/includes/crypto/helper.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/crypto/helper.php b/phpBB/includes/crypto/helper.php index 3db126d3b1..a65cacc73a 100644 --- a/phpBB/includes/crypto/helper.php +++ b/phpBB/includes/crypto/helper.php @@ -55,7 +55,8 @@ class phpbb_crypto_helper { preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match); $hash_settings = substr($hash, strpos($hash, $match[1]) + strlen($match[1]) + 1); - foreach ($match as $cur_type) + $matches = explode('\\', $match[1]); + foreach ($matches as $cur_type) { $dollar_position = strpos($hash_settings, '$'); $output[] = substr($hash_settings, 0, ($dollar_position != false) ? $dollar_position : strlen($hash_settings)); @@ -112,7 +113,7 @@ class phpbb_crypto_helper if ($type == 'prefix') { $data[$type] .= ($data[$type] !== '$') ? '\\' : ''; - $data[$type] .= $value; + $data[$type] .= str_replace('$', '', $value); } elseif ($type == 'settings') {