[commits] Horde branch master updated. a6267c6747973b74c6b58c2f2a75ad63c03389b6
Gunnar Wrobel
p at rdus.de
Thu Dec 9 17:02:00 UTC 2010
The branch "master" has been updated.
The following is a summary of the commits.
from: b10d3bd17fc601167864b64d57baad01dcc06b96
a6267c6 Bug #9438: Be less restrictive about the input to Horde_Secret::read/write()
-----------------------------------------------------------------------
commit a6267c6747973b74c6b58c2f2a75ad63c03389b6
Author: Gunnar Wrobel <p at rdus.de>
Date: Thu Dec 9 18:01:48 2010 +0100
Bug #9438: Be less restrictive about the input to Horde_Secret::read/write()
I originally assumed that it makes sense to pull the is_string() check
from Crypt_Blowfish into Horde_Secret (as Crypt_Blowfish would die on
anything not a string). I overlooked however that we had a strlen()
check before delegating to Crypt_Blowfish. As strlen(null) or
strlen(false) is int(0) both can be passed into
Horde_Secret::read/write() without causing problems.
Type casting the input into a string instead of checking the type
should fix the problems.
framework/Secret/lib/Horde/Secret.php | 10 +-------
framework/Secret/test/Horde/Secret/Unit/SecretTest.php | 18 ----------------
2 files changed, 2 insertions(+), 26 deletions(-)
http://git.horde.org/horde-git/-/commit/a6267c6747973b74c6b58c2f2a75ad63c03389b6
More information about the commits
mailing list