Fix truncated password hash for documents and comments written by non-members, if member module is configured to use a hashing algorithm that produces more than 60 chars

2026-05-02 08:42:15 +09:00 · 2023-06-19 01:59:27 +09:00 · 2023-06-19 01:59:27 +09:00 · f34c27c26b
commit f34c27c26b
parent 10cd76d0be
3 changed files with 31 additions and 4 deletions
--- a/common/framework/Password.php
+++ b/common/framework/Password.php
@ -138,6 +138,33 @@ class Password
 		return $algorithm;
 	}

+	/**
+	 * Get the current default hashing algorithm, unless it will produce
+	 * hashes that are longer than 60 characters.
+	 *
+	 * In that case, this method returns the next best supported algorithm
+	 * that produces 60-character (or shorter) hashes. This helps maintain
+	 * compatibility with old tables that still have varchar(60) columns.
+	 *
+	 * @return string
+	 */
+	public static function getBackwardCompatibleAlgorithm()
+	{
+		$algorithm = self::getDefaultAlgorithm();
+		if (!in_array($algorithm, ['bcrypt', 'pbkdf2', 'sha1', 'md5']))
+		{
+			$candidates = self::getSupportedAlgorithms();
+			foreach ($candidates as $algorithm)
+			{
+				if (in_array($algorithm, ['bcrypt', 'pbkdf2', 'sha1', 'md5']))
+				{
+					return $algorithm;
+				}
+			}
+		}
+		return $algorithm;
+	}
+
 	/**
 	 * Get the currently configured work factor for bcrypt and other adjustable algorithms.
 	 *