diff options
author | Stefan Hacker <dd0t@users.sourceforge.net> | 2010-11-14 22:46:03 +0300 |
---|---|---|
committer | Stefan Hacker <dd0t@users.sourceforge.net> | 2010-11-14 22:46:33 +0300 |
commit | 53a32eb16f95d0665ecde6b158065a896dde38a9 (patch) | |
tree | 2117d8720d0c179d54204e37e0b5dd459b33891e /Authenticators/phpBB3 | |
parent | 4ccef21a0cc5562814d300491ba20c1bb3e7130d (diff) |
Prevent hash functions from choking in non ascii decodable input
Diffstat (limited to 'Authenticators/phpBB3')
-rw-r--r-- | Authenticators/phpBB3/phpBB3auth.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Authenticators/phpBB3/phpBB3auth.py b/Authenticators/phpBB3/phpBB3auth.py index 965a6ed..e05fb61 100644 --- a/Authenticators/phpBB3/phpBB3auth.py +++ b/Authenticators/phpBB3/phpBB3auth.py @@ -744,9 +744,9 @@ def _hash_crypt_private(password, settings, itoa64): if len(salt) != 8: return output - hash = md5(salt + password).digest() + hash = md5(unicode(salt + password).encode('utf8')).digest() while True: - hash = md5(hash + password).digest() + hash = md5(unicode(hash + password).encode('utf8')).digest() count = count - 1 if count <= 0: break @@ -765,7 +765,7 @@ def phpbb_check_hash(password, hash): if len(hash) == 34: return _hash_crypt_private(password, hash, itoa64) == hash - return md5(password).hexdigest() == hash + return md5(unicode(password).encode('utf8')).hexdigest() == hash # #--- Start of program |