mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-19 07:08:09 +01:00
Code Issues Releases Wiki Activity

[feature/passwords] Move check for 8-bit characters to bcrypt driver

Browse Source 
PHPBB3-11610
This commit is contained in:
Marc Alexander 2013-10-07 16:00:52 +02:00
parent 035db5e08b
commit f1d2949985
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
phpBB/phpbb/passwords/driver/bcrypt.php
View File

@ -41,6 +41,16 @@ class bcrypt extends \phpbb\passwords\driver\base
// Revert to 2a if this is the case
$prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();
// Do not support 8-bit characters with $2a$ bcrypt
// Also see http://www.php.net/security/crypt_blowfish.php
if ($prefix === self::PREFIX)
{
if (ord($password[strlen($password)-1]) & 128)
{
return false;
}
}
if ($salt == '')
{
$salt = $prefix . '10$' . $this->get_random_salt();

10
phpBB/phpbb/passwords/manager.php
View File

@ -214,16 +214,6 @@ class manager
return false;
}
// Do not support 8-bit characters with $2a$ bcrypt
// Also see http://www.php.net/security/crypt_blowfish.php
if ($type === 'passwords.driver.bcrypt' || ($type === 'passwords.driver.bcrypt_2y' && !$hashing_algorithm->is_supported()))
{
if (ord($password[strlen($password)-1]) & 128)
{
return false;
}
}
return $hashing_algorithm->hash($password);
}