From 3ea31a3679ab60903e3da833661b1f73fe1fa2bd Mon Sep 17 00:00:00 2001
From: Alexander Schnitzler <git@alexanderschnitzler.de>
Date: Mon, 11 May 2020 17:33:41 +0200
Subject: [PATCH] [TASK] Fix phpstan checkFunctionArgumentTypes errors in
 ext:core Crypto

This patch fixes incompatible type usage in function arguments
and is preparatory work for introducing native type hints and
strict mode in all core files.

Releases: master, 10.4
Resolves: #92262
Change-Id: I980c449d2b962d79952e6f0e6ecc84ecbda60cdb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65684
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
---
 .../Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php   | 2 +-
 .../Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php     | 4 ++--
 .../Classes/Crypto/PasswordHashing/PhpassPasswordHash.php     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php b/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php
index fa99aca09e7f..decb5e30ccb3 100644
--- a/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php
+++ b/typo3/sysext/core/Classes/Crypto/PasswordHashing/BlowfishPasswordHash.php
@@ -215,7 +215,7 @@ class BlowfishPasswordHash implements PasswordHashInterface
             if (!strncmp('$', $salt, 1)) {
                 if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
                     $isValid = true;
-                    $salt = substr($salt, strrpos($salt, '$') + 1);
+                    $salt = substr($salt, (int)strrpos($salt, '$') + 1);
                 } else {
                     $skip = true;
                 }
diff --git a/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php b/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php
index 8314870177d6..6da8345dc0a9 100644
--- a/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php
+++ b/typo3/sysext/core/Classes/Crypto/PasswordHashing/Pbkdf2PasswordHash.php
@@ -68,7 +68,7 @@ class Pbkdf2PasswordHash implements PasswordHashInterface
      */
     public function checkPassword(string $plainPW, string $saltedHashPW): bool
     {
-        return $this->isValidSalt($saltedHashPW) && hash_equals($this->getHashedPasswordInternal($plainPW, $saltedHashPW), $saltedHashPW);
+        return $this->isValidSalt($saltedHashPW) && hash_equals((string)$this->getHashedPasswordInternal($plainPW, $saltedHashPW), $saltedHashPW);
     }
 
     /**
@@ -237,7 +237,7 @@ class Pbkdf2PasswordHash implements PasswordHashInterface
             if (!strncmp('$', $salt, 1)) {
                 if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
                     $isValid = true;
-                    $salt = substr($salt, strrpos($salt, '$') + 1);
+                    $salt = substr($salt, (int)strrpos($salt, '$') + 1);
                 } else {
                     $skip = true;
                 }
diff --git a/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php b/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php
index 64365862d1e4..c25c9e210775 100644
--- a/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php
+++ b/typo3/sysext/core/Classes/Crypto/PasswordHashing/PhpassPasswordHash.php
@@ -252,7 +252,7 @@ class PhpassPasswordHash implements PasswordHashInterface
             if (!strncmp('$', $salt, 1)) {
                 if (!strncmp(self::PREFIX, $salt, strlen(self::PREFIX))) {
                     $isValid = true;
-                    $salt = substr($salt, strrpos($salt, '$') + 2);
+                    $salt = substr($salt, (int)strrpos($salt, '$') + 2);
                 } else {
                     $skip = true;
                 }
-- 
GitLab