diff options
-rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 5 | ||||
-rw-r--r-- | Bugzilla/Util.pm | 5 | ||||
-rwxr-xr-x | userprefs.cgi | 10 |
3 files changed, 18 insertions, 2 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index 88ad78d54..f2c008dbf 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -53,6 +53,11 @@ sub check_credentials { "SELECT cryptpassword FROM profiles WHERE userid = ?", undef, $user_id); + # Wide characters cause crypt to die + if (Bugzilla->params->{'utf8'}) { + utf8::encode($password) if utf8::is_utf8($password); + } + # Using the internal crypted password as the salt, # crypt the password the user entered. my $entered_password_crypted = crypt($password, $real_password_crypted); diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 9ff810b4f..defa15270 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -480,6 +480,11 @@ sub bz_crypt { $salt .= $saltchars[rand(64)]; } + # Wide characters cause crypt to die + if (Bugzilla->params->{'utf8'}) { + utf8::encode($password) if utf8::is_utf8($password); + } + # Crypt the password. my $cryptedpassword = crypt($password, $salt); diff --git a/userprefs.cgi b/userprefs.cgi index 3ccfe820a..24a6a5699 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -90,8 +90,14 @@ sub SaveAccount { undef, $user->id); $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password"); - if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne - $oldcryptedpwd) + my $oldpassword = $cgi->param('Bugzilla_password'); + + # Wide characters cause crypt to die + if (Bugzilla->params->{'utf8'}) { + utf8::encode($oldpassword) if utf8::is_utf8($oldpassword); + } + + if (crypt($oldpassword, $oldcryptedpwd) ne $oldcryptedpwd) { ThrowUserError("old_password_incorrect"); } |