[BUGFIX] Mark not set Install Tool password as secure

To completely disable the Install Tool you can just leave the `installToolPassword` value empty in your LocalConfiguration. Problem here is that not all password hashing methods can handle an empty value without giving PHP warnings. This patch changes the password check in reporting to skip the install password hashing/check when there is no password. Releases: master, 8.7 Resolves: #82147 Change-Id: I399a505544203fc40435f8e82b3baa5b6abd0da5 Reviewed-on: https://review.typo3.org/53757 Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl> Tested-by: TYPO3com <no-reply@typo3.com> Reviewed-by: Wolfgang Klinger <wolfgang@wazum.com> Reviewed-by: Joerg Boesche <typo3@joergboesche.de> Tested-by: Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by: Sebastian Fischer <typo3@evoweb.de> Reviewed-by: Benni Mack <benni@typo3.org> Tested-by: Benni Mack <benni@typo3.org>

[BUGFIX] Mark not set Install Tool password as secure
To completely disable the Install Tool you can just leave the `installToolPassword` value empty in your LocalConfiguration. Problem here is that not all password hashing methods can handle an empty value without giving PHP warnings. This patch changes the password check in reporting to skip the install password hashing/check when there is no password. Releases: master, 8.7 Resolves: #82147 Change-Id: I399a505544203fc40435f8e82b3baa5b6abd0da5 Reviewed-on: https://review.typo3.org/53757 Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl> Tested-by: TYPO3com <no-reply@typo3.com> Reviewed-by: Wolfgang Klinger <wolfgang@wazum.com> Reviewed-by: Joerg Boesche <typo3@joergboesche.de> Tested-by: Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by: Sebastian Fischer <typo3@evoweb.de> Reviewed-by: Benni Mack <benni@typo3.org> Tested-by: Benni Mack <benni@typo3.org>
2798e522 · Frans Saris · Benni Mack · 5ae3fc87 · 2798e522
Commit 2798e522 authored 7 years ago by Frans Saris Committed by Benni Mack 7 years ago
--- a/typo3/sysext/install/Classes/Report/SecurityStatusReport.php
+++ b/typo3/sysext/install/Classes/Report/SecurityStatusReport.php
@@ -52,7 +52,7 @@ class SecurityStatusReport implements \TYPO3\CMS\Reports\StatusProviderInterface
        $validPassword = true;
        $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
        $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
-        if (is_object($saltFactory)) {
+        if ($installToolPassword !== '' && is_object($saltFactory)) {
            $validPassword = !$saltFactory->checkPassword('joh316', $installToolPassword);
        } elseif ($installToolPassword === md5('joh316')) {
            $validPassword = false;