Decode plainpassword before check (#115)
When the user's password contains HTML special chars the password check would always fail if the the given plainpassword is not decoded first.
This commit is contained in:
parent
34d4f20222
commit
fb437b037e
@ -2311,6 +2311,7 @@ function pla_password_hash($password_clear,$enc_type) {
|
||||
* @return Boolean True if the clear password matches the hash, and false otherwise.
|
||||
*/
|
||||
function password_check($cryptedpassword,$plainpassword,$attribute='userpassword') {
|
||||
$plainpassword = htmlspecialchars_decode($plainpassword);
|
||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user