[RSS Feed/News] phpBB3 password validation fails in some scenarios

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
The string unsed in phpBB for generating the password hash is not the raw user input.

Buried somewhat deep in phpBB input handling:
phpbb\request\type_cast_helper::set_var

PHP:

Code:
public function set_var(&$result, $var, $type, $multibyte = false, $trim = true)
{
    settype($var, $type);
    $result = $var;

    if ($type == 'string')
    {
        $result = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result);

        if ($trim)
        {
            $result =...

Read more

ادامه مطلب...
 
Status
Not open for further replies.
Back
Top Bottom