diff options
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/PassHash.class.php | 11 | ||||
| -rw-r--r-- | inc/config_cascade.php | 1 | ||||
| -rw-r--r-- | inc/events.php | 4 | ||||
| -rw-r--r-- | inc/load.php | 1 |
4 files changed, 15 insertions, 2 deletions
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 3fb1349d2..d825057f0 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -316,6 +316,11 @@ class PassHash { * Uses salted MD5 hashs. Salt is 1+8 bytes long, 1st byte is the * iteration count when given, for null salts $compute is used. * + * The actual iteration count is the given count squared, maximum is + * 30 (-> 1073741824). If a higher one is given, the function throws + * an exception. + * + * @link http://www.openwall.com/phpass/ * @param string $clear - the clear text to hash * @param string $salt - the salt to use, null for random * @param string $magic - the hash identifier (P or H) @@ -330,6 +335,12 @@ class PassHash { } $iterc = $salt[0]; // pos 0 of salt is iteration count $iter = strpos($itoa64,$iterc); + + if($iter > 30){ + throw new Exception("Too high iteration count ($iter) in ". + __class__.'::'.__function__); + } + $iter = 1 << $iter; $salt = substr($salt,1,8); diff --git a/inc/config_cascade.php b/inc/config_cascade.php index 79567fc56..e4a3df353 100644 --- a/inc/config_cascade.php +++ b/inc/config_cascade.php @@ -66,6 +66,7 @@ $config_cascade = array_merge( ), 'plugins' => array( + 'default' => array(DOKU_CONF.'plugins.php'), 'local' => array(DOKU_CONF.'plugins.local.php'), 'protected' => array( DOKU_CONF.'plugins.required.php', diff --git a/inc/events.php b/inc/events.php index 621cb64c1..09f3f3c0c 100644 --- a/inc/events.php +++ b/inc/events.php @@ -149,8 +149,8 @@ class Doku_Event_Handler { * @param $method (function) event handler function * @param $param (mixed) data passed to the event handler */ - function register_hook($event, $advise, &$obj, $method, $param=null) { - $this->_hooks[$event.'_'.$advise][] = array(&$obj, $method, $param); + function register_hook($event, $advise, $obj, $method, $param=null) { + $this->_hooks[$event.'_'.$advise][] = array($obj, $method, $param); } function process_event(&$event,$advise='') { diff --git a/inc/load.php b/inc/load.php index 0572b5760..9f54034a3 100644 --- a/inc/load.php +++ b/inc/load.php @@ -49,6 +49,7 @@ function load_autoload($name){ static $classes = null; if(is_null($classes)) $classes = array( 'DokuHTTPClient' => DOKU_INC.'inc/HTTPClient.php', + 'HTTPClient' => DOKU_INC.'inc/HTTPClient.php', 'JSON' => DOKU_INC.'inc/JSON.php', 'adLDAP' => DOKU_INC.'inc/adLDAP.php', 'Diff' => DOKU_INC.'inc/DifferenceEngine.php', |