X-Git-Url: https://git.cyclocoop.org/%242?a=blobdiff_plain;f=includes%2Fpassword%2FPasswordFactory.php;h=bc37b484043d9085317afa6136d71e6a3b6a03b1;hb=04f94a57ad6076684f186bb7242751607c842283;hp=6b634cbea701655059cbb188402d781c57169b3c;hpb=f678f20451b433a6587574faf52d6a5a862eee42;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/password/PasswordFactory.php b/includes/password/PasswordFactory.php
index 6b634cbea7..bc37b48404 100644
--- a/includes/password/PasswordFactory.php
+++ b/includes/password/PasswordFactory.php
@@ -40,9 +40,9 @@ final class PasswordFactory {
 	 * @see PasswordFactory::register
 	 * @see Setup.php
 	 */
-	private $types = array(
-		'' => array( 'type' => '', 'class' => 'InvalidPassword' ),
-	);
+	private $types = [
+		'' => [ 'type' => '', 'class' => InvalidPassword::class ],
+	];
 
 	/**
 	 * Register a new type of password hash
@@ -112,7 +112,7 @@ final class PasswordFactory {
 	 */
 	public function newFromCiphertext( $hash ) {
 		if ( $hash === null || $hash === false || $hash === '' ) {
-			return new InvalidPassword( $this, array( 'type' => '' ), null );
+			return new InvalidPassword( $this, [ 'type' => '' ], null );
 		} elseif ( $hash[0] !== ':' ) {
 			throw new PasswordError( 'Invalid hash given' );
 		}
@@ -156,7 +156,7 @@ final class PasswordFactory {
 	 */
 	public function newFromPlaintext( $password, Password $existing = null ) {
 		if ( $password === null ) {
-			return new InvalidPassword( $this, array( 'type' => '' ), null );
+			return new InvalidPassword( $this, [ 'type' => '' ], null );
 		}
 
 		if ( $existing === null ) {
@@ -200,11 +200,10 @@ final class PasswordFactory {
 		// stopping at a minimum of 10 chars.
 		$length = max( 10, $minLength );
 		// Multiply by 1.25 to get the number of hex characters we need
-		$length = $length * 1.25;
 		// Generate random hex chars
-		$hex = MWCryptRand::generateHex( $length );
+		$hex = MWCryptRand::generateHex( ceil( $length * 1.25 ) );
 		// Convert from base 16 to base 32 to get a proper password like string
-		return Wikimedia\base_convert( $hex, 16, 32 );
+		return substr( Wikimedia\base_convert( $hex, 16, 32, $length ), -$length );
 	}
 
 	/**
@@ -217,7 +216,7 @@ final class PasswordFactory {
 
 		if ( $password === null ) {
 			$factory = new self();
-			$password = new InvalidPassword( $factory, array( 'type' => '' ), null );
+			$password = new InvalidPassword( $factory, [ 'type' => '' ], null );
 		}
 
 		return $password;