Commit

allow forward slashes in the bcrypt salt
The forward slash is a valid character in the encoding of the bcrypt salt.
As a consequence, on some units (the salt is derived from the unique id), the
salt was regarded as invalid and hence it was impossible to log in.
jhofstee committed May 24, 2022
1 parent 2db5b9e commit 1193f2a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion index.php
Expand Up @@ -13,7 +13,7 @@ function getSalt() {

// NOTE: be strict about the format, to prevent accidentally leaking secrets if
// a different format is used e.g.
if (!preg_match('/^\$2a\$08\$[A-Za-z0-9+\\.]{22}$/', $salt))
if (!preg_match('/^\$2a\$08\$[A-Za-z0-9+\\.\/]{22}$/', $salt))
return "";

return $salt;
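
Review bot: the character class on the new `preg_match` line still accepts `+`, which is not part of bcrypt's salt alphabet (`./A-Za-z0-9`), so the check stays looser than the "be strict about the format" comment above it asks for. Consider `[.\/A-Za-z0-9]{22}` instead, and add a test with a salt containing `/` so the login failure described in the commit message stays covered. The NOTE comment also ends at "e.g." without the example it announces; it would be worth completing while this line is being touched.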