diff options
| author | Andrey Andreev <narf@devilix.net> | 2017-03-24 10:04:53 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2017-03-24 10:04:53 +0100 |
| commit | c7c0bdf4f7af7c4e71b073ee87ddb792087bdfac (patch) | |
| tree | 5cfb825e1e0d67f30d4c8a91428cd52eb580695a /system/core/compat/hash.php | |
| parent | 1d9aaee34ea77fdb68d79d7add37f26dd2649c00 (diff) | |
| parent | 0eb38af2eaf1127b9b82261b7ec3bf4d4b847318 (diff) | |
Merge branch '3.1-stable' into develop
Conflicts resolved:
system/core/CodeIgniter.php
system/core/Common.php
system/core/Input.php
system/helpers/cookie_helper.php
tests/codeigniter/helpers/html_helper_test.php
user_guide_src/source/changelog.rst
user_guide_src/source/conf.py
user_guide_src/source/installation/downloads.rst
user_guide_src/source/installation/upgrading.rst
user_guide_src/source/libraries/input.rst
Diffstat (limited to 'system/core/compat/hash.php')
| -rw-r--r-- | system/core/compat/hash.php | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/system/core/compat/hash.php b/system/core/compat/hash.php index c0eab4909..fc319028d 100644 --- a/system/core/compat/hash.php +++ b/system/core/compat/hash.php @@ -173,7 +173,9 @@ if ( ! function_exists('hash_pbkdf2')) return FALSE; } - $hash_length = strlen(hash($algo, NULL, TRUE)); + $hash_length = defined('MB_OVERLOAD_STRING') + ? mb_strlen(hash($algo, NULL, TRUE), '8bit') + : strlen(hash($algo, NULL, TRUE)); empty($length) && $length = $hash_length; // Pre-hash password inputs longer than the algorithm's block size @@ -219,14 +221,14 @@ if ( ! function_exists('hash_pbkdf2')) 'whirlpool' => 64 ); - if (isset($block_sizes[$algo]) && strlen($password) > $block_sizes[$algo]) + if (isset($block_sizes[$algo], $password[$block_sizes[$algo]])) { $password = hash($algo, $password, TRUE); } $hash = ''; // Note: Blocks are NOT 0-indexed - for ($bc = ceil($length / $hash_length), $bi = 1; $bi <= $bc; $bi++) + for ($bc = (int) ceil($length / $hash_length), $bi = 1; $bi <= $bc; $bi++) { $key = $derived_key = hash_hmac($algo, $salt.pack('N', $bi), $password, TRUE); for ($i = 1; $i < $iterations; $i++) @@ -238,6 +240,13 @@ if ( ! function_exists('hash_pbkdf2')) } // This is not RFC-compatible, but we're aiming for natural PHP compatibility - return substr($raw_output ? $hash : bin2hex($hash), 0, $length); + if ( ! $raw_output) + { + $hash = bin2hex($hash); + } + + return defined('MB_OVERLOAD_STRING') + ? mb_substr($hash, 0, $length, '8bit') + : substr($hash, 0, $length); } } |