|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2016-09-09 13:35 UTC] sjon at hortensius dot net
Description: ------------ $pass = 'secret'; $salt = '$2y$07$usesomesillystringforsalt$'; var_dump(crypt($pass, $salt)); * as demonstrated on https://3v4l.org/kuAJO Test script: --------------- * works with shorter salt: https://3v4l.org/O654F * fails with longer salt: https://3v4l.org/dvgnq (includes CRYPT_SALT_LENGTH) Expected result: ---------------- string(60) "$2y$07$usesomesillystringforex.u2VJUMLRWaJNuw0Hu2FvCEimdeYVO" Actual result: -------------- string(2) "*0" PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 12:01:29 2024 UTC |
Indeed, Damian. Anatol, with regard to the fix[1]: it seems to me, that it would suffice to check that the actual salt is not empty, i.e. to do the following instead: if (salt[7] == '$') { return NULL; } [1] <https://github.com/php/php-src/commit/295303b5>