X-Git-Url: https://git.cyclocoop.org/admin/?a=blobdiff_plain;f=includes%2Fpassword%2FMWOldPassword.php;h=c48b6e61d57e32a4d98b8b709e27af53842107a4;hb=409da2d8b33b3c315653b802337fc7bcd66af0ed;hp=2150e562153f620155aa59f0b7ec09e36eb9f578;hpb=2f885ee6b797e5a176ce7b270b674a04b5945b06;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/password/MWOldPassword.php b/includes/password/MWOldPassword.php
index 2150e56215..c48b6e61d5 100644
--- a/includes/password/MWOldPassword.php
+++ b/includes/password/MWOldPassword.php
@@ -36,13 +36,19 @@ class MWOldPassword extends ParameterizedPassword {
 	}
 
 	public function crypt( $plaintext ) {
-		global $wgPasswordSalt;
-
-		if ( $wgPasswordSalt && count( $this->args ) === 1 ) {
+		if ( count( $this->args ) === 1 ) {
+			// Accept (but do not generate) salted passwords with :A: prefix.
+			// These are actually B-type passwords, but an error in a previous
+			// version of MediaWiki caused them to be written with an :A:
+			// prefix.
 			$this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
 		} else {
 			$this->args = [];
 			$this->hash = md5( $plaintext );
 		}
+
+		if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
+			throw new PasswordError( 'Error when hashing password.' );
+		}
 	}
 }