Bugfix #78208 Needs rehash with an unknown algo should always return true.

diff --git a/ext/standard/password.c b/ext/standard/password.c
index d91058bfc21c1b56996585f957e726bcf5d61daf..d7e12e852ac523f8c9143dce4fec04782013e699 100644 (file)
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -672,7 +672,7 @@ PHP_FUNCTION(password_needs_rehash)
                Z_PARAM_ARRAY_OR_OBJECT_HT(options)
        ZEND_PARSE_PARAMETERS_END();
 
-       new_algo = php_password_algo_find_zval_ex(znew_algo, NULL);
+       new_algo = php_password_algo_find_zval(znew_algo);
        if (!new_algo) {
                /* Unknown new algorithm, never prompt to rehash. */
                RETURN_FALSE;

diff --git a/ext/standard/tests/password/password_needs_rehash.phpt b/ext/standard/tests/password/password_needs_rehash.phpt
index 688d57ed321a5f77d532194d1fc8cb18ac2f4c8b..d88270884e20e26f59faa620a7ec1b3eefee7895 100644 (file)
--- a/ext/standard/tests/password/password_needs_rehash.phpt
+++ b/ext/standard/tests/password/password_needs_rehash.phpt
@@ -33,7 +33,11 @@ var_dump(password_needs_rehash('$2y$'.$cost.'$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.o
 // Should Issue Needs Rehash, Since Foo is cast to 0...
 var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 'foo')));
 
+// CRYPT_MD5
+var_dump(password_needs_rehash(crypt('Example', '$1$'), PASSWORD_DEFAULT));
 
+// CRYPT_SHA512 with 5000
+var_dump(password_needs_rehash(crypt('Example', '$6$rounds=5000$aa$'), PASSWORD_DEFAULT));
 
 echo "OK!";
 ?>
@@ -41,13 +45,15 @@ echo "OK!";
 bool(true)
 bool(true)
 bool(true)
-bool(false)
-bool(false)
-bool(false)
+bool(true)
+bool(true)
+bool(true)
 bool(false)
 bool(false)
 bool(true)
 bool(true)
 bool(false)
 bool(true)
+bool(true)
+bool(true)
 OK!