Changeset 5367 in subversion
- Timestamp:
- Oct 26, 2011 7:53:23 AM (20 months ago)
- Location:
- trunk/plugins/password
- Files:
-
- 2 edited
-
drivers/sql.php (modified) (2 diffs)
-
package.xml (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/plugins/password/drivers/sql.php
r5323 r5367 38 38 if (strpos($sql, '%c') !== FALSE) { 39 39 $salt = ''; 40 if (CRYPT_MD5) { 41 $len = rand(3, CRYPT_SALT_LENGTH); 40 if (CRYPT_MD5) { 41 // Always use eight salt characters for MD5 (#1488136) 42 $len = 8; 42 43 } else if (CRYPT_STD_DES) { 43 44 $len = 2; … … 45 46 return PASSWORD_CRYPT_ERROR; 46 47 } 48 49 //Restrict the character set used as salt (#1488136) 50 $seedchars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 47 51 for ($i = 0; $i < $len ; $i++) { 48 $salt .= chr(rand(ord('.'), ord('z')));52 $salt .= $seedchars[rand(0, 63)]; 49 53 } 54 50 55 $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); 51 56 } -
trunk/plugins/password/package.xml
r5323 r5367 16 16 <active>yes</active> 17 17 </lead> 18 <date> </date>19 <time> </time>18 <date>2011-10-26</date> 19 <time>12:00</time> 20 20 <version> 21 <release> </release>21 <release>2.3</release> 22 22 <api>1.6</api> 23 23 </version> … … 32 32 - Added 'password_change' hook for plugin actions after successful password change 33 33 - Fixed bug where 'doveadm pw' command was used as dovecotpw utility 34 - Improve generated crypt() passwords (#1488136) 34 35 </notes> 35 36 <contents>
Note: See TracChangeset
for help on using the changeset viewer.
