[TASK] Reports module uses internal data of salted passwords
Reports module changes from issue #30695 introduced a check for the saltedpasswords extension and a report about users, whose passwords are not protected by the saltedpasswords. That check queries database directly and uses internal knowledge of saltedpasswords about marking the password with certain characters. This can break reports module if saltedpasswords adds a new scheme to salt passwords. Only saltedpasswords should know about those prefixes. Other extensions should use the API of saltedpasswords to query the information. Change-Id: Iec27610c2227ed15537f37b53e1b26443b5a276f Resolves: #32136 Releases: 4.7, 4.6, 4.5 Reviewed-on: http://review.typo3.org/6953 Reviewed-by: Oliver Hader Tested-by: Oliver Hader Reviewed-by: Markus Klein Tested-by: Markus Klein Reviewed-by: Steffen Ritter Tested-by: Steffen Ritter
Showing
- typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php 1 addition, 6 deletions...status/class.tx_reports_reports_status_securitystatus.php
- typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_div.php 16 additions, 0 deletions.../saltedpasswords/classes/class.tx_saltedpasswords_div.php
Please register or sign in to comment