SECURITY: Throw exception on unknown hash algorithm
author csteipp <csteipp@wikimedia.org>
Mon, 22 Feb 2016 20:50:40 +0000 (12:50 -0800)
committer Chad Horohoe <chadh@wikimedia.org>
Fri, 20 May 2016 16:48:59 +0000 (09:48 -0700)
commit f91e47ce9e0d115016ed51e33356134260c5dc92
tree 98cd74ff809c9fbfbf2089b8bd9542246898863d
parent b3988ba1cec061921efc39d3e7cfda1917230a9c

To prevent a bad password configuration from accidentally allowing
users to bypass authentication, throw an exception if either hash or
hash_pbkdf2 return false.

Also, ensure md5() returned a sane hash.

Bug: T127420
Change-Id: If3664941236e4065eb8db11b0a211fd6210de631

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
includes/password/MWOldPassword.php
includes/password/MWSaltedPassword.php
includes/password/Pbkdf2Password.php
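
The fail-closed checks the commit message describes, sketched as an added example; this is not MediaWiki's code and not taken from the commit. The function names, the `sha-512` misconfiguration and the sample values are assumptions made for illustration, and `hash_hmac_algos()` requires PHP 7.2 or later.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not MediaWiki's.
// Before PHP 8.0, hash() and hash_pbkdf2() return false (with a warning) for an
// unknown algorithm, and a false digest encodes identically for every password.

/** PBKDF2 that fails closed: returns exactly $length raw bytes or throws. */
function pbkdf2OrThrow(string $algo, string $password, string $salt, int $rounds, int $length): string
{
    // hash_hmac_algos() lists the algorithms PBKDF2 can use on this build.
    if (!in_array($algo, hash_hmac_algos(), true)) {
        throw new RuntimeException("Unknown hash algorithm '$algo' in password config");
    }
    $raw = hash_pbkdf2($algo, $password, $salt, $rounds, $length, true);
    if (!is_string($raw) || strlen($raw) !== $length) {
        throw new RuntimeException("hash_pbkdf2() failed for '$algo'");
    }
    return $raw;
}

/** md5() sanity check: the result must be 32 lowercase hex characters. */
function md5OrThrow(string $data): string
{
    $hex = md5($data);
    if (!is_string($hex) || preg_match('/^[0-9a-f]{32}$/', $hex) !== 1) {
        throw new RuntimeException('md5() returned a malformed hash');
    }
    return $hex;
}

/** Constant-time comparison of a stored digest with a freshly derived one. */
function verifyPassword(string $algo, string $candidate, string $salt, int $rounds, string $stored): bool
{
    $derived = pbkdf2OrThrow($algo, $candidate, $salt, $rounds, strlen($stored));
    return hash_equals($stored, $derived);
}

// Constructed sample values.
$salt = random_bytes(16);
$stored = pbkdf2OrThrow('sha512', 'correct horse', $salt, 10000, 64);
var_dump(verifyPassword('sha512', 'correct horse', $salt, 10000, $stored));
var_dump(verifyPassword('sha512', 'wrong guess', $salt, 10000, $stored));
try {
    // Misconfigured algorithm name: the check aborts instead of comparing digests.
    verifyPassword('sha-512', 'anything', $salt, 10000, $stored);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```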