diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-06-21 15:13:13 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-06-21 15:13:13 +0200 |
| commit | 4191be3d3be76909253158a6cd35fbf3a89cfb5f (patch) | |
| tree | 4b2a03af769faf67008634f5f8241e54b309a9ab /system/core/compat | |
| parent | 38372554817921aa4efbab2225471474c2893b4a (diff) | |
Fix a _potential_ flaw in password_hash()
Diffstat (limited to 'system/core/compat')
| -rw-r--r-- | system/core/compat/password.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/system/core/compat/password.php b/system/core/compat/password.php index a9355d5d0..d5a017d9a 100644 --- a/system/core/compat/password.php +++ b/system/core/compat/password.php @@ -145,7 +145,10 @@ if ( ! function_exists('password_hash')) } isset($options['cost']) OR $options['cost'] = 10; - return crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt'])); + + return (strlen($password = crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']))) === 60) + ? $password + : FALSE; } } |