
Accept older blowfish hashes.

Both `2a` and `2x` are valid types of blowfish hashes; although they are
older, they should still be accepted.
mark_story 12 years ago
parent
commit
00c94bd582
1 changed files with 6 additions and 1 deletions
  1. 6 1
      src/Utility/Security.php

+ 6 - 1
src/Utility/Security.php

@@ -212,7 +212,12 @@ class Security {
 			$salt = vsprintf('$2y$%02d$%s', array(static::$hashCost, $salt));
 		}
 
-		if ($salt === true || strpos($salt, '$2y$') !== 0 || strlen($salt) < 29) {
+		$invalidCipher = (
+			strpos($salt, '$2y$') !== 0 &&
+			strpos($salt, '$2x$') !== 0 &&
+			strpos($salt, '$2a$') !== 0
+		);
+		if ($salt === true || $invalidCipher || strlen($salt) < 29) {
 			throw new Exception(sprintf(
 				'Invalid salt: %s for blowfish Please visit http://www.php.net/crypt and read the appropriate section for building blowfish salts.',
 				$salt
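Review bot: The new `$invalidCipher` check admits `$2x$` and `$2a$` without saying that they exist only to verify stored legacy hashes; `$2x$` asks crypt() for the sign-extension-compatible variant from before PHP 5.3.7, which is weaker for passwords containing 8-bit characters. I would add a comment above the assignment such as `// $2a$/$2x$ are accepted only so existing hashes still verify; new hashes are always generated as $2y$ above.` and have callers rehash to `$2y$` after a successful check. The three `strpos()` calls now also run before `$salt === true` is tested, so a boolean reaches `strpos()` where the old condition short-circuited; putting `$salt !== true &&` first inside the parentheses keeps the old evaluation order. The method continues beyond the hunk, and the context lines there place `$salt` verbatim in the exception message, which presumably is a stored hash when this path is used for verification.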