View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004172 | OXID eShop (all versions) | 4.07. Source code, Test | public | 2012-06-15 15:48 | 2014-10-27 15:28 |
| Reporter | FibreFoX | Assigned To | |||
| Priority | normal | Severity | trivial | Reproducibility | always |
| Status | resolved | Resolution | unable to reproduce | ||
| Product Version | 4.6.1 revision 45706 | ||||
| Target Version | 4.8.9 / 5.1.9 | ||||
| Summary | 0004172: move (obsolete) code from method in oxuser to upgrade/update-script (getPasswordHash) | ||||
| Description | After analyzing the password generation in core/oxuser.php I recognized some compatibility code: `if ( $this->oxuser__oxpassword->value ) { if ( strpos( $this->oxuser__oxpassword->value, 'ox_' ) === 0 ) { /* decodable pass ? */ $this->setPassword( oxUtils::getInstance()->strRem( $this->oxuser__oxpassword->value ) ); } elseif ( strlen( $this->oxuser__oxpassword->value ) < 32 ) { /* plain pass ? */ $this->setPassword( $this->oxuser__oxpassword->value ); } $sHash = $this->oxuser__oxpassword->value; }` I think SETTING something in a GETTER is totally wrong (it is done in dozens of methods as I can remember). This should be done in an upgrade method. The method getPasswordHash() is only called in "out/admin/tpl/efire_downloader.tpl" for display only, maybe it's used somewhere else, but it should be noted in the changelogs. I used the latest CE version for analyzing. | ||||
| Tags | User Management | ||||
| Theme | Both | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
| related to | 0004173 | resolved | jurate.baseviciene | Remove password-generation/hashing from database to php |
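
The separation the report asks for, sketched as an added example (not OXID eShop code and not part of the original issue): a read-only classifier that applies the same two tests as the quoted getter, and a one-off upgrade step that does the writing. The function names are hypothetical, the decoder is a placeholder for `strRem`, and `password_hash()` stands in for the shop's own hashing, which the page does not show.

```php
<?php
// Added example with hypothetical names; not OXID eShop code.
const FORMAT_DECODABLE = 'decodable'; // stored value starts with 'ox_'
const FORMAT_PLAIN     = 'plain';     // stored value is shorter than 32 characters
const FORMAT_HASH      = 'hash';      // anything else is treated as already hashed

/** Read-only: classify a stored value with the same tests the quoted getter uses. */
function classifyStoredPassword(string $stored): string
{
    if (strpos($stored, 'ox_') === 0) {
        return FORMAT_DECODABLE;
    }
    if (strlen($stored) < 32) {
        return FORMAT_PLAIN;
    }
    return FORMAT_HASH;
}

/**
 * Upgrade step, run once per user row: returns the value to write back,
 * or null when the row needs no change. $decode is an assumed stand-in
 * for the shop's decoder (strRem in the quoted code).
 */
function upgradeStoredPassword(string $stored, callable $decode): ?string
{
    if ($stored === '') {
        return null; // no password set; an empty value must not be hashed as "plain"
    }
    switch (classifyStoredPassword($stored)) {
        case FORMAT_DECODABLE:
            $plain = $decode($stored);
            break;
        case FORMAT_PLAIN:
            $plain = $stored;
            break;
        default:
            return null; // already a hash; nothing to migrate
    }
    return password_hash($plain, PASSWORD_DEFAULT); // swapped-in hashing, see lead-in
}

// Constructed sample rows (user id => stored value); the decoder is a placeholder.
$decode = fn(string $v): string => strrev(substr($v, 3));
$rows = [1 => 'ox_terces', 2 => 'hunter2', 3 => str_repeat('a', 32), 4 => ''];
foreach ($rows as $id => $stored) {
    $new  = upgradeStoredPassword($stored, $decode);
    $kind = $stored === '' ? 'empty' : classifyStoredPassword($stored);
    printf("user %d: %s -> %s\n", $id, $kind, $new === null ? 'unchanged' : 'rehashed');
}
```

Running the classifier alone over the user table gives a count of rows still stored as plain or decodable values before any upgrade is applied.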