authorAndrey Andreev <narf@devilix.net>2014-06-21 15:13:13 +0200
committerAndrey Andreev <narf@devilix.net>2014-06-21 15:13:13 +0200
commit4191be3d3be76909253158a6cd35fbf3a89cfb5f (patch)
tree4b2a03af769faf67008634f5f8241e54b309a9ab /system/core
parent38372554817921aa4efbab2225471474c2893b4a (diff)
Fix a _potential_ flaw in password_hash()
Diffstat (limited to 'system/core')
-rw-r--r--system/core/compat/password.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index a9355d5d0..d5a017d9a 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -145,7 +145,10 @@ if ( ! function_exists('password_hash'))
}
isset($options['cost']) OR $options['cost'] = 10;
- return crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']));
+
+ return (strlen($password = crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']))) === 60)
+ ? $password
+ : FALSE;
}
}
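Review bot: The new return statement assigns the crypt() result to `$password` inside the strlen() call, so the plaintext parameter is silently replaced by the hash and the reason for the magic number 60 is left unexplained. A separate local reads more clearly and keeps the same behaviour: `$hash = crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']));` followed by `return (strlen($hash) === 60) ? $hash : FALSE;`. I would also add a comment above it such as `// crypt() reports failure with a short string (e.g. '*0'); a valid bcrypt hash is always 60 characters`, and note in the function's docblock that FALSE is now a possible return value so callers never store or compare against a failed result. The enclosing password_hash() body starts outside this hunk, so whether cost and salt are validated earlier cannot be confirmed from here.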