authorYorhel <git@yorhel.nl>2009-07-31 11:45:35 +0200
committerYorhel <git@yorhel.nl>2009-07-31 11:45:35 +0200
commitdb551911f429359a30ffd76017451164ba81af50 (patch)
tree30e474fc9b88f6d0cd6b93eafb95165eb901ae7b /lib/VNDB/Util/Auth.pm
parent512ce5a8328f80b46e3598d2cc48c136f2862636 (diff)
Added encode_utf8() on $salt and $pass in _authEncryptPass()
This forces $salt and $pass to be 'downgraded' to byte strings in case we are given unicode strings (i.e. when fetched from database or YAWF). This, in turn, prevents global_salt from 'upgrading', which allows binary data to be used for this string.
Diffstat (limited to 'lib/VNDB/Util/Auth.pm')
-rw-r--r--lib/VNDB/Util/Auth.pm8
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 519e5523..ce548a98 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -8,6 +8,7 @@ use Exporter 'import';
use Digest::MD5 'md5';
use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
use Time::HiRes;
+use Encode 'encode_utf8';
use POSIX 'strftime';
@@ -117,9 +118,10 @@ sub _authCheck {
# Arguments: self, pass, salt, binary mode
# Returns: encrypted password
sub _authEncryptPass{
- my ($self, $pass, $salt, $bin) = @_;
- return sha256($self->{global_salt} . $pass . $salt) if $bin;
- return sha256_hex($self->{global_salt} . $pass . $salt);
+ my($self, $pass, $salt, $bin) = @_;
+ my $str = $self->{global_salt} . encode_utf8($pass) . encode_utf8($salt);
+ return sha256($str) if $bin;
+ return sha256_hex($str);
}
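Review bot: `encode_utf8($pass)` on the new `my $str = ...` line is not idempotent, so the digest now depends on whether the caller passes a decoded character string or raw UTF-8 bytes: a byte string with octets above 0x7F is read as Latin-1 and encoded a second time. If one call site passes bytes and another passes characters (the callers are not visible in this hunk), the same non-ASCII password produces two different hashes and verification would fail. Hashes stored before this change for passwords with characters in the U+0080–U+00FF range may also stop matching, since sha256 previously hashed those as single bytes. I would state the contract in the header comment, e.g. `# pass and salt must be decoded character strings; both are UTF-8 encoded before hashing`, and check each caller against it. Separately from this change, a single pass of SHA-256 is cheap to brute-force offline, so a dedicated password hash (bcrypt, scrypt, Argon2) would be the stronger choice.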