From 9fe89442429b0671f02370112f5226c48507b305 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20Kr=C3=A4mer?=
 <florian.kraemer@kreative-design.net>
Date: Fri, 6 Oct 2017 15:12:49 +0200
Subject: [PATCH] #11253 Check hash algorithm availability

---
 src/Utility/Security.php                |  9 +++++++++
 tests/TestCase/Utility/SecurityTest.php | 14 ++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/Utility/Security.php b/src/Utility/Security.php
index 3bfc1c84e64..c1158210d3c 100644
--- a/src/Utility/Security.php
+++ b/src/Utility/Security.php
@@ -66,6 +66,15 @@ public static function hash($string, $type = null, $salt = false)
         }
         $type = strtolower($type);
 
+        $hashAlgos = hash_algos();
+        if (!in_array($type, $hashAlgos)) {
+            throw new RuntimeException(sprintf(
+                'The hash type `%s` was not found. Available algorithms are: %s',
+                $type,
+                implode(', ', $hashAlgos)
+            ));
+        }
+
         if ($salt) {
             if (!is_string($salt)) {
                 $salt = static::$_salt;
diff --git a/tests/TestCase/Utility/SecurityTest.php b/tests/TestCase/Utility/SecurityTest.php
index 36438a6cd69..f028241d3be 100644
--- a/tests/TestCase/Utility/SecurityTest.php
+++ b/tests/TestCase/Utility/SecurityTest.php
@@ -69,6 +69,20 @@ public function testHash()
         Security::setHash($_hashType);
     }
 
+    /**
+     * testInvalidHashTypeException
+     *
+     * @return void
+     */
+    public function testInvalidHashTypeException() {
+        try {
+            Security::hash('test', 'doesnotexist', false);
+            $this->fail('Expected \RuntimeException');
+        } catch (\RuntimeException $e) {
+            $this->assertTextContains('The hash type `doesnotexist` was not found. Available algorithms are:', $e->getMessage());
+        }
+    }
+
     /**
      * testRijndael method
      *