Merge branch '2.3'

* 2.3: bumped Symfony version to 2.3.7 updated VERSION for 2.3.6 updated CHANGELOG for 2.3.6 bumped Symfony version to 2.2.10 updated VERSION for 2.2.9 update CONTRIBUTORS for 2.2.9 updated CHANGELOG for 2.2.9 [Security] limited the password length passed to encoders [HttpKernel] Fixed a test (compiler pass class name has been changed). assets:install command should mirror .dotfiles (.htaccess) PoFileDumper - PO headers removed whitespaces Conflicts: src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php src/Symfony/Component/Security/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php src/Symfony/Component/Security/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php src/Symfony/Component/Security/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
author: Fabien Potencier <fabien.potencier@gmail.com> 2013-10-10 16:19:44 +0200
committer: Fabien Potencier <fabien.potencier@gmail.com> 2013-10-10 16:19:44 +0200
commit: c6bcb7699b39b8575cbd5527d9f65428500163ba (patch)
tree: c37394d4e3abd73ea35cc52c462f40e857b11b05 /Core/Encoder/PlaintextPasswordEncoder.php
parent: 8780aecc6088ec65909d68dfebd867dfa99a0d77 (diff)
parent: b6d302f1f0f1235aa376c180dcd289f38b3df70e (diff)
download: symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.zip
symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.tar.gz
symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.tar.bz2
1 files changed, 8 insertions, 2 deletions
diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php
index 55aad18..22f3da4 100644
--- a/Core/Encoder/PlaintextPasswordEncoder.php
+++ b/Core/Encoder/PlaintextPasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * PlaintextPasswordEncoder does not do any encoding.
  *
@@ -35,7 +37,9 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         return $this->mergePasswordAndSalt($raw, $salt);
     }
@@ -45,7 +49,9 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            return false;
+        }
 
         $pass2 = $this->mergePasswordAndSalt($raw, $salt);
author	Fabien Potencier <fabien.potencier@gmail.com>	2013-10-10 16:19:44 +0200
committer	Fabien Potencier <fabien.potencier@gmail.com>	2013-10-10 16:19:44 +0200
commit	c6bcb7699b39b8575cbd5527d9f65428500163ba (patch)
tree	c37394d4e3abd73ea35cc52c462f40e857b11b05 /Core/Encoder/PlaintextPasswordEncoder.php
parent	8780aecc6088ec65909d68dfebd867dfa99a0d77 (diff)
parent	b6d302f1f0f1235aa376c180dcd289f38b3df70e (diff)
download	symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.zip symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.tar.gz symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.tar.bz2