author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-10-10 15:12:30 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-10-10 15:12:30 +0200 |
commit | b6d302f1f0f1235aa376c180dcd289f38b3df70e (patch) | |
tree | 676aa0d8ce931531f31494da3f65a2d8f12bb967 /Core/Encoder/PlaintextPasswordEncoder.php | |
parent | 5d889265454c4b094e894a14f0d9b4687fa644e1 (diff) | |
parent | 41cbe3694a5332d7e5bdb285c81bbfe23f31a220 (diff) | |
Merge branch '2.2' into 2.3v2.3.6
* 2.2:
bumped Symfony version to 2.2.10
updated VERSION for 2.2.9
update CONTRIBUTORS for 2.2.9
updated CHANGELOG for 2.2.9
[Security] limited the password length passed to encoders
assets:install command should mirror .dotfiles (.htaccess)
PoFileDumper - PO headers
removed whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
Diffstat (limited to 'Core/Encoder/PlaintextPasswordEncoder.php')
-rw-r--r-- | Core/Encoder/PlaintextPasswordEncoder.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php
index c21f3cd..22f3da4 100644
--- a/Core/Encoder/PlaintextPasswordEncoder.php
+++ b/Core/Encoder/PlaintextPasswordEncoder.php
@@ -11,6 +11,8 @@
 namespace Symfony\Component\Security\Core\Encoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
 * PlaintextPasswordEncoder does not do any encoding.
 *
@@ -35,6 +37,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
 */
 public function encodePassword($raw, $salt)
 {
+ if ($this->isPasswordTooLong($raw)) {
+ throw new BadCredentialsException('Invalid password.');
+ }
+
 return $this->mergePasswordAndSalt($raw, $salt);
 }
@@ -43,6 +49,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
 */
 public function isPasswordValid($encoded, $raw, $salt)
 {
+ if ($this->isPasswordTooLong($raw)) {
+ return false;
+ }
+
 $pass2 = $this->mergePasswordAndSalt($raw, $salt);
 if (!$this->ignorePasswordCase) { |
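Review bot: The new guard in `encodePassword` throws `BadCredentialsException`, but nothing in the hunk adds a matching `@throws` to the method's docblock, whose start lies outside the hunk. `encodePassword` is typically also reached from registration and password-change code, so those callers would now have to handle an authentication exception for what is really an input-length failure. I would document it with `@throws BadCredentialsException If the raw password is longer than the limit enforced by isPasswordTooLong()`. The limit itself is defined outside this hunk, so form-level validation should enforce the same maximum and reject over-long input with a clear message before the encoder is called.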
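Review bot: The early `return false` in `isPasswordValid` means an account whose stored plaintext password already exceeds the limit can no longer authenticate once this is deployed, and the failure looks exactly like a wrong password. Reporting it as a plain mismatch is the right outward behaviour, but the guard deserves a why-comment such as `// Over-long input is rejected before any merge/compare work and reported as a plain mismatch.`, plus a line in the upgrade notes so operators can look for affected accounts. Whether `isPasswordTooLong()` counts bytes or characters is not visible here; if it counts bytes, multibyte passwords reach the limit sooner than users would expect. The rest of `isPasswordValid` continues outside the hunk.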