author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-09-16 14:00:03 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-09-23 09:15:09 +0200 |
commit | 76e8abad8efbc5a988c1aa566b072d62e083faa9 (patch) | |
tree | a38a749cd872a39216b3eaf6f51b752280f320ae /Core/Encoder/MessageDigestPasswordEncoder.php | |
parent | 38c5dd30d7545490836456062abf49c213b972cb (diff) | |
[Security] limited the password length passed to encoders
Diffstat (limited to 'Core/Encoder/MessageDigestPasswordEncoder.php')
-rw-r--r-- | Core/Encoder/MessageDigestPasswordEncoder.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
index a8bd553..efe1e5c 100644
--- a/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -41,6 +41,8 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
 */
 public function encodePassword($raw, $salt)
 {
+ $this->checkPasswordLength($raw);
+
 if (!in_array($this->algorithm, hash_algos(), true)) {
 throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
 }
@@ -61,6 +63,8 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
 */
 public function isPasswordValid($encoded, $raw, $salt)
 {
+ $this->checkPasswordLength($raw);
+
 return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
 }
 }
|
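Review bot: The docblock above `encodePassword` (it starts outside the hunk) does not record that an over-long `$raw` is now rejected before any hashing, which callers on registration and password-change paths will run into. `checkPasswordLength()` is not defined in this file, so its limit and failure mode are presumably inherited from `BasePasswordEncoder`; a line such as `@throws <ExceptionClass> when the raw password exceeds the maximum length` (placeholder class name) would let callers handle it deliberately. It is also worth confirming that the helper measures the length in bytes rather than characters, since the hashing cost this guard bounds depends on byte length; that is not visible here. The rest of the method body continues outside the hunk.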
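Review bot: In `isPasswordValid` the new guard means an over-long login attempt ends in whatever `checkPasswordLength()` does on failure instead of a plain `false`. If the helper throws (it is not shown here), every caller of this boolean validator has to catch that exception, or the request fails with an error rather than an ordinary bad-credentials response. Keeping the boolean contract by treating an over-long `$raw` as "not valid" and returning `false` would be safer for authentication paths. The explicit call is also redundant, because `encodePassword($raw, $salt)` on the next line performs the same check; if it is kept for clarity, a comment such as `// reject over-long input before any hashing; encodePassword() checks again` would record the intent.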