Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #11095 from cakephp/time-based-attack

Ensure input passwords will be hashed even when a user doesn't exist
José Lorenzo Rodríguez 8 years ago
parent
8b8a8ba237 fdb5bcdfeb
commit
d4a7300a42
1 changed files with 3 additions and 0 deletions
Unified View Show Diff Stats
  1. 3 0
      src/Auth/BaseAuthenticate.php

+ 3 - 0
src/Auth/BaseAuthenticate.php
View File 

@@ -107,6 +107,9 @@ abstract class BaseAuthenticate implements EventListenerInterface
 
         $result = $this->_query($username)->first();
 
         $result = $this->_query($username)->first();
 
 
 
         if (empty($result)) {
 
         if (empty($result)) {
 
+            $hasher = $this->passwordHasher();
 
+            $hasher->hash((string)$password);
 
+
 
             return false;
 
             return false;
 
         }
 
         }