authorFabien Potencier <fabien.potencier@gmail.com>2013-06-23 10:16:33 +0200
committerFabien Potencier <fabien.potencier@gmail.com>2013-06-23 10:16:33 +0200
commit7ce8f3e89bf87ab6920086fd4c6a620b86fe26b3 (patch)
tree0a1061d27fab238c36481dc20b0905a61f36f413
parent5693e6edd2e4678305ba2c3868ad4d488056ae7e (diff)
parent1a2c36aee50c9969a168437f7abbbfc03e5d78e6 (diff)
Merge branch '2.3'
* 2.3: (33 commits) [Form] fixed INF usage which does not work on Solaris (closes #8246) Fix grammar Removed PHP 5.5 from the allowed failures. [Intl] Fixed tests failing on PHP 5.5 bumped Symfony version to 2.2.4 updated VERSION for 2.2.3 update CONTRIBUTORS for 2.2.3 updated CHANGELOG for 2.2.3 [DependencyInjection] Replaced try/catch block with an @expectedException annotation in a test. [CssSelector] tweaked README file (closes #8287) added a node about HTML extension in readme [Console] Fixed the table rendering with multi-byte strings. Feature/fix unit tests [Process] Disable exception on stream_select timeout [HttpFoundation] fixed issue with session_regenerate_id (closes #7380) [DomCrawler] added a note about the default charset Throw exception if value is passed to VALUE_NONE input, long syntax fixed date type format pattern regex [Security] fixed usage of the salt for the bcrypt encoder (refs #8210) [FrameworkBundle] tweaked previous merge (refs #8242) ... Conflicts: src/Symfony/Component/HttpKernel/Kernel.php
-rw-r--r--Core/Encoder/BCryptPasswordEncoder.php12
1 files changed, 11 insertions, 1 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php
index 3609f64..a355421 100644
--- a/Core/Encoder/BCryptPasswordEncoder.php
+++ b/Core/Encoder/BCryptPasswordEncoder.php
@@ -53,14 +53,24 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
* the "$2y$" salt prefix (which is not available in the early PHP versions).
* @see https://github.com/ircmaxell/password_compat/issues/10#issuecomment-11203833
*
+ * It is almost best to **not** pass a salt and let PHP generate one for you.
+ *
* @param string $raw The password to encode
* @param string $salt The salt
*
* @return string The encoded password
+ *
+ * @link http://lxr.php.net/xref/PHP_5_5/ext/standard/password.c#111
*/
public function encodePassword($raw, $salt)
{
- return password_hash($raw, PASSWORD_BCRYPT, array('cost' => $this->cost));
+ $options = array('cost' => $this->cost);
+
+ if ($salt) {
+ $options['salt'] = $salt;
+ }
+
+ return password_hash($raw, PASSWORD_BCRYPT, $options);
}
/**
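Review bot: The new `if ($salt)` branch in encodePassword() hands the caller's salt to password_hash() unvalidated and returns whatever comes back. For bcrypt, password_hash() needs at least 22 characters of salt; with a shorter one it raises a warning and yields no hash, so this method can return a non-string that a caller may then store as the user's password. Reject that case before the call, e.g. `if (strlen($salt) < 22) { throw new \InvalidArgumentException('The bcrypt salt must be at least 22 characters long.'); }`, and test `'' !== (string) $salt` rather than truthiness so a salt of `'0'` is not silently dropped. The added docblock sentence should read `It is almost always best to **not** pass a salt and let PHP generate one for you.` and could say why: a generated salt is random per hash, while a reused or predictable one weakens every hash that shares it. The docblock itself opens above the hunk.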