diff options
author | root <root@luna.archlinux.org> | 2016-05-21 06:38:45 +0000 |
---|---|---|
committer | root <root@luna.archlinux.org> | 2016-05-21 06:38:45 +0000 |
commit | b88e92b7f0ce508c55de8c6ac5159ef544d480be (patch) | |
tree | 86b188507543d2670b7ada1caa8f1139d3d5abe9 /includes/password | |
parent | a2bbd243c85ea0e425ee3e8c380aba9f254cee61 (diff) | |
parent | 7bf2eb8ba09b54cec804446ea39a3e658773fac9 (diff) |
Merge branch 'master' of https://git.archlinux.org/vhosts/wiki.archlinux.org
Diffstat (limited to 'includes/password')
-rw-r--r-- | includes/password/MWOldPassword.php | 4 | ||||
-rw-r--r-- | includes/password/MWSaltedPassword.php | 4 | ||||
-rw-r--r-- | includes/password/Pbkdf2Password.php | 9 |
3 files changed, 16 insertions, 1 deletions
diff --git a/includes/password/MWOldPassword.php b/includes/password/MWOldPassword.php index afa5cacc..43c13553 100644 --- a/includes/password/MWOldPassword.php +++ b/includes/password/MWOldPassword.php @@ -44,5 +44,9 @@ class MWOldPassword extends ParameterizedPassword { $this->args = array(); $this->hash = md5( $plaintext ); } + + if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) { + throw new PasswordError( 'Error when hashing password.' ); + } } } diff --git a/includes/password/MWSaltedPassword.php b/includes/password/MWSaltedPassword.php index 6c6895a2..40d2b6a1 100644 --- a/includes/password/MWSaltedPassword.php +++ b/includes/password/MWSaltedPassword.php @@ -42,5 +42,9 @@ class MWSaltedPassword extends ParameterizedPassword { } $this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) ); + + if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) { + throw new PasswordError( 'Error when hashing password.' ); + } } } diff --git a/includes/password/Pbkdf2Password.php b/includes/password/Pbkdf2Password.php index 080e3b0d..808fd8a6 100644 --- a/includes/password/Pbkdf2Password.php +++ b/includes/password/Pbkdf2Password.php @@ -55,8 +55,15 @@ class Pbkdf2Password extends ParameterizedPassword { (int)$this->params['length'], true ); + if ( !is_string( $hash ) ) { + throw new PasswordError( 'Error when hashing password.' ); + } } else { - $hashLen = strlen( hash( $this->params['algo'], '', true ) ); + $hashLenHash = hash( $this->params['algo'], '', true ); + if ( !is_string( $hashLenHash ) ) { + throw new PasswordError( 'Error when hashing password.' ); + } + $hashLen = strlen( $hashLenHash ); $blockCount = ceil( $this->params['length'] / $hashLen ); $hash = ''; |