maintain hash_equals first argument which shouldn't be NULL. #662

Open: wants to merge 1 commit into base: 1.9.4.x
@henrykbrzoska (Contributor) commented Apr 15, 2019

rp_token comes from the database as NULL by default.
!! Here, the function isResetPasswordLinkTokenExpired (app/code/core/Mage/Adminhtml/Helper/Dashboard/Data.php) will take it and it should be first!!
Someone who knows 'good patterns' can tell if it should be so or if it should be like:
if (!isset($userToken) || !hash_equals($userToken, $resetPasswordLinkToken) || $user->isResetPasswordLinkTokenExpired()) {

Certainly, it should not remain like it is now.

The effect isn't painful:
just resetting a password without an active RP token throws an error:
Warning: hash_equals(): Expected known_string to be a string, null given in [...]app/code/core/Mage/Adminhtml/controllers/IndexController.php on line 394

maintain hash_equals first argument which shouldn't be NULL.
!! Here, the function isResetPasswordLinkTokenExpired (app/code/core/Mage/Adminhtml/Helper/Dashboard/Data.php) will take it and it should be first!!
Someone who knows 'good patterns' can tell if it should be so or if it should be like:
        if (!isset($userToken) || !hash_equals($userToken, $resetPasswordLinkToken) || $user->isResetPasswordLinkTokenExpired()) {
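
An added example, not code from this pull request or from the project: a null-safe, constant-time token check placed beside the tempting shortcut of casting NULL to a string, which silences the warning but lets an empty supplied token match a missing stored token. `resetTokenMatches()` and `resetTokenMatchesCast()` are hypothetical helper names, and the token values are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Constant-time reset-token check that treats a missing stored token as "no match".
 * Hypothetical helper for illustration, not a Magento function.
 */
function resetTokenMatches(?string $storedToken, $suppliedToken): bool
{
    // No active reset token in the database (rp_token is NULL or empty):
    // reject before hash_equals() is reached, so it never sees a non-string.
    if ($storedToken === null || $storedToken === '') {
        return false;
    }
    // Request parameters can be missing or arrays; only a non-empty string can match.
    if (!is_string($suppliedToken) || $suppliedToken === '') {
        return false;
    }
    // Known (stored) value first, user-supplied value second.
    return hash_equals($storedToken, $suppliedToken);
}

/**
 * What not to do to silence the warning: casting NULL to '' makes an
 * empty supplied token compare equal to "no token stored".
 */
function resetTokenMatchesCast(?string $storedToken, $suppliedToken): bool
{
    return hash_equals((string) $storedToken, (string) $suppliedToken);
}

// Constructed sample values: [stored rp_token, token from the request].
$cases = [
    'valid token'            => ['3f9a1c', '3f9a1c'],
    'wrong token'            => ['3f9a1c', '000000'],
    'no stored token'        => [null, '3f9a1c'],
    'no stored, empty input' => [null, ''],
];

foreach ($cases as $label => [$stored, $supplied]) {
    printf(
        "%-24s guarded=%-5s cast=%s\n",
        $label,
        var_export(resetTokenMatches($stored, $supplied), true),
        var_export(resetTokenMatchesCast($stored, $supplied), true)
    );
}
```

The last case is the one to watch: the guarded check rejects it, while the cast variant accepts it because `hash_equals('', '')` is true.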

@tbaden added the Review Needed label Jun 1, 2019

@wstnbrg approved these changes Jun 2, 2019

@wstnbrg added Enough Reviews and removed Review Needed labels Jun 2, 2019
