Deprecate password_hash salt option

ircmaxell · ircmaxell · commit 94e222c14d61 · 2015-04-09T15:51:04.000-04:00
diff --git a/ext/standard/password.c b/ext/standard/password.c
@@ -346,6 +346,9 @@ PHP_FUNCTION(password_hash)
 	if (options && (option_buffer = zend_symtable_str_find(options, "salt", sizeof("salt")-1)) != NULL) {
 		char *buffer;
 		size_t buffer_len = 0;
+
+		php_error_docref(NULL, E_DEPRECATED, "Use of the 'salt' option to password_hash is deprecated");
+
 		switch (Z_TYPE_P(option_buffer)) {
 			case IS_STRING:
 				buffer = estrndup(Z_STRVAL_P(option_buffer), Z_STRLEN_P(option_buffer));
diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt
@@ -24,12 +24,18 @@ NULL
 Warning: password_hash(): Invalid bcrypt cost parameter specified: 32 in %s on line %d
 NULL
 
+Deprecated: password_hash(): Use of the 'salt' option to password_hash is deprecated in %s on line %d
+
 Warning: password_hash(): Provided salt is too short: 3 expecting 22 in %s on line %d
 NULL
 
+Deprecated: password_hash(): Use of the 'salt' option to password_hash is deprecated in %s on line %d
+
 Warning: password_hash(): Provided salt is too short: 21 expecting 22 in %s on line %d
 NULL
 
+Deprecated: password_hash(): Use of the 'salt' option to password_hash is deprecated in %s on line %d
+
 Warning: password_hash(): Provided salt is too short: 3 expecting 22 in %s on line %d
 NULL
 
diff --git a/ext/standard/tests/password/password_deprecated_salts.phpt b/ext/standard/tests/password/password_deprecated_salts.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Test deprecated operation of password_hash()
+--FILE--
+<?php
+//-=-=-=-
+
+
+var_dump(password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "usesomesillystringforsalt")));
+
+var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0))));
+
+echo "OK!";
+?>
+--EXPECTF--
+Deprecated: password_hash(): Use of the 'salt' option to password_hash is deprecated in %s on line %d
+string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi"
+
+Deprecated: password_hash(): Use of the 'salt' option to password_hash is deprecated in %s on line %d
+string(60) "$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y"
+OK!
+
diff --git a/ext/standard/tests/password/password_hash.phpt b/ext/standard/tests/password/password_hash.phpt
@@ -10,16 +10,9 @@ $hash = password_hash("foo", PASSWORD_BCRYPT);
 
 var_dump($hash === crypt("foo", $hash));
 
-var_dump(password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "usesomesillystringforsalt")));
-
-var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0))));
-
 echo "OK!";
 ?>
 --EXPECT--
 int(60)
 bool(true)
-string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi"
-string(60) "$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y"
-OK!
-
+OK!
diff --git a/ext/standard/tests/password/password_hash_error.phpt b/ext/standard/tests/password/password_hash_error.phpt
@@ -41,8 +41,12 @@ NULL
 Warning: password_hash() expects parameter 1 to be string, array given in %s on line %d
 NULL
 
+Deprecated: password_hash(): Use of the 'salt' option to password_hash is deprecated in %s on line %d
+
 Warning: password_hash(): Non-string salt parameter supplied in %s on line %d
 NULL
 
+Deprecated: password_hash(): Use of the 'salt' option to password_hash is deprecated in %s on line %d
+
 Warning: password_hash(): Provided salt is too short: 4 expecting 22 in %s on line %d
 NULL
