author | Yorhel <git@yorhel.nl> | 2009-07-31 11:45:35 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2009-07-31 11:45:35 +0200 |
commit | db551911f429359a30ffd76017451164ba81af50 (patch) | |
tree | 30e474fc9b88f6d0cd6b93eafb95165eb901ae7b /lib/VNDB/Util/Auth.pm | |
parent | 512ce5a8328f80b46e3598d2cc48c136f2862636 (diff) |
Added encode_utf8() on $salt and $pass in _authEncryptPass()
This forces $salt and $pass to be 'downgraded' to byte strings in case
we are given unicode strings (i.e. when fetched from database or YAWF).
This, in turn, prevents global_salt from 'upgrading', which allows
binary data to be used for this string.
Diffstat (limited to 'lib/VNDB/Util/Auth.pm')
-rw-r--r-- | lib/VNDB/Util/Auth.pm | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 519e5523..ce548a98 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -8,6 +8,7 @@ use Exporter 'import';
 use Digest::MD5 'md5';
 use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
 use Time::HiRes;
+use Encode 'encode_utf8';
 use POSIX 'strftime';
@@ -117,9 +118,10 @@ sub _authCheck {
 # Arguments: self, pass, salt, binary mode
 # Returns: encrypted password
 sub _authEncryptPass{
- my ($self, $pass, $salt, $bin) = @_;
- return sha256($self->{global_salt} . $pass . $salt) if $bin;
- return sha256_hex($self->{global_salt} . $pass . $salt);
+ my($self, $pass, $salt, $bin) = @_;
+ my $str = $self->{global_salt} . encode_utf8($pass) . encode_utf8($salt);
+ return sha256($str) if $bin;
+ return sha256_hex($str);
 } |
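Review bot: `encode_utf8($pass)` and `encode_utf8($salt)` in `_authEncryptPass` are only correct when both arguments are decoded character strings; a caller that passes bytes above 0x7F (a binary salt, or form input that was never decoded) gets them re-encoded as if they were Latin-1, and the digest will not match the stored one. Hashes stored before this change for non-ASCII passwords may also have been computed over a different byte sequence, depending on how the string was represented at the time, so it is worth verifying that such accounts can still log in. The header comment above the sub should state the contract, e.g. `# pass and salt must be character strings; they are UTF-8 encoded before hashing`. Separately, a single salted SHA-256 is fast to compute, which makes offline guessing against a leaked hash table cheap; a deliberately slow password hash (bcrypt, scrypt or PBKDF2) would be the stronger choice for this function.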