tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

check for empty salt

This commit is contained in:
Thomas Portelange 2024-03-04 08:34:43 +01:00 committed by GitHub
parent e7bc8ae99f
commit eb4ef623ab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Security/Member.php
View File

@ -520,18 +520,11 @@ class Member extends DataObject
// If the algorithm or salt is not available, it means we are operating
// on legacy account with unhashed password. Do not hash the string.
if (!$this->PasswordEncryption) {
if (!$this->PasswordEncryption || !$this->Salt) {
return $string;
}
$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
// If we don't have a salt, don't allow invalid calls to encrypt method
if (!$this->Salt) {
$this->Salt = $e->salt($string, $this);
$this->write();
}
return $e->encrypt($string, $this->Salt);
}