check for empty salt

This commit is contained in:
Thomas Portelange 2024-03-04 08:34:43 +01:00 committed by GitHub
parent e7bc8ae99f
commit eb4ef623ab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -520,18 +520,11 @@ class Member extends DataObject
// If the algorithm or salt is not available, it means we are operating // If the algorithm or salt is not available, it means we are operating
// on legacy account with unhashed password. Do not hash the string. // on legacy account with unhashed password. Do not hash the string.
if (!$this->PasswordEncryption) { if (!$this->PasswordEncryption || !$this->Salt) {
return $string; return $string;
} }
$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption); $e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
// If we don't have a salt, don't allow invalid calls to encrypt method
if (!$this->Salt) {
$this->Salt = $e->salt($string, $this);
$this->write();
}
return $e->encrypt($string, $this->Salt); return $e->encrypt($string, $this->Salt);
} }