@@ -52,19 +52,6 @@ void php_password_algo_unregister(const char *ident) {
5252 zend_hash_str_del (& php_password_algos , ident , strlen (ident ));
5353}
5454
55- static int php_password_salt_is_alphabet (const char * str , const size_t len ) /* {{{ */
56- {
57- size_t i = 0 ;
58-
59- for (i = 0 ; i < len ; i ++ ) {
60- if (!((str [i ] >= 'A' && str [i ] <= 'Z' ) || (str [i ] >= 'a' && str [i ] <= 'z' ) || (str [i ] >= '0' && str [i ] <= '9' ) || str [i ] == '.' || str [i ] == '/' )) {
61- return FAILURE ;
62- }
63- }
64- return SUCCESS ;
65- }
66- /* }}} */
67-
6855static int php_password_salt_to64 (const char * str , const size_t str_len , const size_t out_len , char * ret ) /* {{{ */
6956{
7057 size_t pos = 0 ;
@@ -123,65 +110,11 @@ static zend_string* php_password_make_salt(size_t length) /* {{{ */
123110/* }}} */
124111
125112static zend_string * php_password_get_salt (zval * unused_ , size_t required_salt_len , HashTable * options ) {
126- zend_string * buffer ;
127- zval * option_buffer ;
128-
129- if (!options || !(option_buffer = zend_hash_str_find (options , "salt" , sizeof ("salt" ) - 1 ))) {
130- return php_password_make_salt (required_salt_len );
131- }
132-
133- php_error_docref (NULL , E_DEPRECATED , "Use of the 'salt' option to password_hash is deprecated" );
134-
135- switch (Z_TYPE_P (option_buffer )) {
136- case IS_STRING :
137- buffer = zend_string_copy (Z_STR_P (option_buffer ));
138- break ;
139- case IS_LONG :
140- case IS_DOUBLE :
141- case IS_OBJECT :
142- buffer = zval_get_string (option_buffer );
143- break ;
144- case IS_FALSE :
145- case IS_TRUE :
146- case IS_NULL :
147- case IS_RESOURCE :
148- case IS_ARRAY :
149- default :
150- php_error_docref (NULL , E_WARNING , "Non-string salt parameter supplied" );
151- return NULL ;
152- }
153-
154- /* XXX all the crypt related APIs work with int for string length.
155- That should be revised for size_t and then we maybe don't require
156- the > INT_MAX check. */
157- if (ZEND_SIZE_T_INT_OVFL (ZSTR_LEN (buffer ))) {
158- php_error_docref (NULL , E_WARNING , "Supplied salt is too long" );
159- zend_string_release_ex (buffer , 0 );
160- return NULL ;
161- }
162-
163- if (ZSTR_LEN (buffer ) < required_salt_len ) {
164- php_error_docref (NULL , E_WARNING , "Provided salt is too short: %zd expecting %zd" , ZSTR_LEN (buffer ), required_salt_len );
165- zend_string_release_ex (buffer , 0 );
166- return NULL ;
113+ if (options && zend_hash_str_exists (options , "salt" , sizeof ("salt" ) - 1 )) {
114+ php_error_docref (NULL , E_WARNING , "The 'salt' option is no longer supported. The provided salt has been been ignored" );
167115 }
168116
169- if (php_password_salt_is_alphabet (ZSTR_VAL (buffer ), ZSTR_LEN (buffer )) == FAILURE ) {
170- zend_string * salt = zend_string_alloc (required_salt_len , 0 );
171- if (php_password_salt_to64 (ZSTR_VAL (buffer ), ZSTR_LEN (buffer ), required_salt_len , ZSTR_VAL (salt )) == FAILURE ) {
172- php_error_docref (NULL , E_WARNING , "Provided salt is too short: %zd" , ZSTR_LEN (buffer ));
173- zend_string_release_ex (salt , 0 );
174- zend_string_release_ex (buffer , 0 );
175- return NULL ;
176- }
177- zend_string_release_ex (buffer , 0 );
178- return salt ;
179- } else {
180- zend_string * salt = zend_string_alloc (required_salt_len , 0 );
181- memcpy (ZSTR_VAL (salt ), ZSTR_VAL (buffer ), required_salt_len );
182- zend_string_release_ex (buffer , 0 );
183- return salt ;
184- }
117+ return php_password_make_salt (required_salt_len );
185118}
186119
187120/* bcrypt implementation */
0 commit comments