View Issue Details

IDProjectCategoryView StatusLast Update
0004172OXID eShop (all versions)4.07. Source code, Testpublic2014-10-27 15:28
ReporterFibreFoX Assigned To 
PrioritynormalSeveritytrivialReproducibilityalways
Status resolvedResolutionunable to reproduce 
Product Version4.6.1 revision 45706 
Target Version4.8.9 / 5.1.9 
Summary0004172: move (obsolete) code from method in oxuser to upgrade/update-script (getPasswordHash)
DescriptionAfter analyzing the password-generation in core/oxuser.php i recognized some compatibility-code:
        if ( $this->oxuser__oxpassword->value ) {
            if ( strpos( $this->oxuser__oxpassword->value, 'ox_' ) === 0 ) {
                // decodable pass ?
                $this->setPassword( oxUtils::getInstance()->strRem( $this->oxuser__oxpassword->value ) );
            } elseif ( strlen( $this->oxuser__oxpassword->value ) < 32 ) {
                // plain pass ?
                $this->setPassword( $this->oxuser__oxpassword->value );
            }
            $sHash = $this->oxuser__oxpassword->value;
        }

I think SETTING something in a GETTER is totally wrong (it is done in dozen of methods as i can remember). This should be made in an upgrade-method.

The method getPasswordHash() is only called in "out/admin/tpl/efire_downloader.tpl" for display-only, maybe its used somewhere else, but it should be noted in the changelogs.

I used latest CE version for analyzing.
TagsUser Management
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Relationships

related to 0004173 resolvedjurate.baseviciene Remove password-generation/hashing from database to php 

Activities

FibreFoX

2014-10-22 16:10

reporter   ~0010262

as far as i can see, this bug can be (finally) closed, its refactored since 4.9/5.2

jurate.baseviciene

2014-10-27 15:28

reporter   ~0010278

Bug is closed because we had refactor stuff since 4.9/5.2. Bug is not exist since version 4.9/5.2