author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-06-13 09:21:46 +0200 |
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-06-13 09:21:46 +0200 |
commit | 1a2c36aee50c9969a168437f7abbbfc03e5d78e6 (patch) | |
tree | 9c59b9e5a73b7d661a028d2f2e6de2fa7ea43b52 /Core/Encoder | |
parent | 58d09b3674e2c0c442fcf13d61869fe072b9bb08 (diff) | |
[Security] fixed usage of the salt for the bcrypt encoder (refs #8210)
Diffstat (limited to 'Core/Encoder')
-rw-r--r-- | Core/Encoder/BCryptPasswordEncoder.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php
index 3609f64..a355421 100644
--- a/Core/Encoder/BCryptPasswordEncoder.php
+++ b/Core/Encoder/BCryptPasswordEncoder.php
@@ -53,14 +53,24 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
      * the "$2y$" salt prefix (which is not available in the early PHP versions).
      * @see https://github.com/ircmaxell/password_compat/issues/10#issuecomment-11203833
      *
+     * It is almost best to **not** pass a salt and let PHP generate one for you.
+     *
      * @param string $raw The password to encode
      * @param string $salt The salt
      *
      * @return string The encoded password
+     *
+     * @link http://lxr.php.net/xref/PHP_5_5/ext/standard/password.c#111
      */
     public function encodePassword($raw, $salt)
     {
-        return password_hash($raw, PASSWORD_BCRYPT, array('cost' => $this->cost));
+        $options = array('cost' => $this->cost);
+
+        if ($salt) {
+            $options['salt'] = $salt;
+        }
+
+        return password_hash($raw, PASSWORD_BCRYPT, $options);
     }
 
     /** |
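Review bot: The result of `password_hash()` in the new body is returned unchecked, and once a caller-supplied salt is forwarded that call can fail — a salt shorter than bcrypt's 22-character minimum makes password_hash emit a warning and return a non-string instead of a hash, which the caller would then store or compare as if it were a valid digest. Capture and validate the result before returning: `$encoded = password_hash($raw, PASSWORD_BCRYPT, $options);` / `if (!is_string($encoded)) { throw new \RuntimeException('bcrypt hashing failed; check the supplied salt'); }` / `return $encoded;`. The `if ($salt)` guard is a truthiness test, so a salt of `'0'` is silently dropped in favour of an auto-generated one; `null !== $salt && '' !== $salt` states the intent exactly. Later PHP releases deprecated and then ignore the `salt` option, so the docblock's advice to let PHP generate the salt is also the forward-compatible path and worth stating as the default. The enclosing class continues past the end of the hunk.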