Don't accept objects for options in password_hash()

This was likely a mixup of zpp modifiers in the original implementation.
Per the RFC only arrays should be accepted here.
Nikita Popov 2019-10-29 13:20:22 +01:00
parent c43179fb6b
commit 63a20cb400
2 changed files with 8 additions and 6 deletions


@ -614,7 +614,7 @@ PHP_FUNCTION(password_needs_rehash)
Z_PARAM_STR(hash)
Z_PARAM_ZVAL(znew_algo)
Z_PARAM_OPTIONAL
Z_PARAM_ARRAY_OR_OBJECT_HT(options)
Z_PARAM_ARRAY_HT(options)
ZEND_PARSE_PARAMETERS_END();
new_algo = php_password_algo_find_zval(znew_algo);
@ -663,7 +663,7 @@ PHP_FUNCTION(password_hash)
Z_PARAM_STR(password)
Z_PARAM_ZVAL(zalgo)
Z_PARAM_OPTIONAL
Z_PARAM_ARRAY_OR_OBJECT_HT(options)
Z_PARAM_ARRAY_HT(options)
ZEND_PARSE_PARAMETERS_END();
algo = php_password_algo_find_zval(zalgo);
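Review bot: The switch from `Z_PARAM_ARRAY_OR_OBJECT_HT(options)` to `Z_PARAM_ARRAY_HT(options)` is also applied to password_needs_rehash() in the first hunk, yet the commit title names only password_hash() and the test changes visible on this page exercise only password_hash(). A parallel case such as `try { password_needs_rehash($hash, PASSWORD_BCRYPT, new StdClass); } catch (TypeError $e) { echo $e->getMessage(), "\n"; }` would pin the new rejection there too. Existing callers that passed an object as options will now presumably get a TypeError from both functions, which for password_needs_rehash() would surface in a login path, so an UPGRADING entry covering both functions seems warranted. Both function bodies start and end outside the hunks shown.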


@ -12,7 +12,11 @@ try {
var_dump(password_hash("foo", array()));
var_dump(password_hash("foo", 19, new StdClass));
try {
var_dump(password_hash("foo", 19, new StdClass));
} catch (TypeError $e) {
echo $e->getMessage(), "\n";
}
try {
var_dump(password_hash("foo", PASSWORD_BCRYPT, "baz"));
@ -34,8 +38,6 @@ Warning: Array to string conversion in %s on line %d
Warning: password_hash(): Unknown password hashing algorithm: Array in %s on line %d
NULL
Warning: password_hash(): Unknown password hashing algorithm: 19 in %s on line %d
NULL
password_hash() expects parameter 3 to be array, object given
password_hash() expects parameter 3 to be array, string given
password_hash() expects parameter 1 to be string, array given