diff options
| author | Anthony Ferrara <ircmaxell@gmail.com> | 2015-04-06 10:11:31 -0400 |
|---|---|---|
| committer | Anthony Ferrara <ircmaxell@gmail.com> | 2015-04-06 10:11:31 -0400 |
| commit | f2f6637ece3185e3e7a65c6399c74575f2ad90de (patch) | |
| tree | a4fbcd4d2f1eefa379adbf0595ffe206ae7c4854 | |
| parent | c859f7c11ef51f3a7bc5527b3df3f3830b620b0d (diff) | |
| parent | 6147131320e930186a37bc942ae067636302cf1c (diff) | |
| download | password_compat-f2f6637ece3185e3e7a65c6399c74575f2ad90de.zip password_compat-f2f6637ece3185e3e7a65c6399c74575f2ad90de.tar.gz password_compat-f2f6637ece3185e3e7a65c6399c74575f2ad90de.tar.bz2 | |
Merge pull request #79 from pine3ree/patch-1
force integer type for algo and cost
| -rw-r--r-- | lib/password.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/password.php b/lib/password.php index 805caa5..96f22eb 100644 --- a/lib/password.php +++ b/lib/password.php @@ -53,7 +53,7 @@ namespace { case PASSWORD_BCRYPT: $cost = PASSWORD_BCRYPT_DEFAULT_COST; if (isset($options['cost'])) { - $cost = $options['cost']; + $cost = (int) $options['cost']; if ($cost < 4 || $cost > 31) { trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); return null; @@ -205,13 +205,13 @@ namespace { */ function password_needs_rehash($hash, $algo, array $options = array()) { $info = password_get_info($hash); - if ($info['algo'] != $algo) { + if ($info['algo'] !== (int) $algo) { return true; } switch ($algo) { case PASSWORD_BCRYPT: - $cost = isset($options['cost']) ? $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; - if ($cost != $info['options']['cost']) { + $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; + if ($cost !== $info['options']['cost']) { return true; } break; @@ -311,4 +311,4 @@ namespace PasswordCompat\binary { } } -}
\ No newline at end of file +} |