From eb4ef623abeeda8b3b4941261dd06ec6a88df826 Mon Sep 17 00:00:00 2001
From: Thomas Portelange
Date: Mon, 4 Mar 2024 08:34:43 +0100
Subject: [PATCH] check for empty salt
---
 src/Security/Member.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/Security/Member.php b/src/Security/Member.php
index 238c5c3f7..a511a9e3e 100644
--- a/src/Security/Member.php
+++ b/src/Security/Member.php
@@ -520,18 +520,11 @@ class Member extends DataObject
 // If the algorithm or salt is not available, it means we are operating
 // on legacy account with unhashed password. Do not hash the string.
- if (!$this->PasswordEncryption) {
+ if (!$this->PasswordEncryption || !$this->Salt) {
 return $string;
 }
 $e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
-
- // If we don't have a salt, don't allow invalid calls to encrypt method
- if (!$this->Salt) {
- $this->Salt = $e->salt($string, $this);
- $this->write();
- }
-
 return $e->encrypt($string, $this->Salt);
 }
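Review bot: With the widened guard `if (!$this->PasswordEncryption || !$this->Salt)`, a member that has an algorithm configured but an empty Salt now gets the input string back unhashed, and the caller cannot tell that value apart from a real hash. The callers are outside the hunk, so this is inferred, but if any of them stores or compares the return value, this becomes a silent plaintext fallback. It would be safer to handle "algorithm set, salt missing" as its own case, for example by logging or throwing, instead of folding it into the legacy path. At minimum the docblock should state the contract, e.g. `@return string Hashed value, or the unmodified input when no algorithm or salt is set`. The method begins above the hunk, so its signature and any earlier guards are not visible here.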