From 9c255a3841db196e4a3585426306142eedd2ff64 Mon Sep 17 00:00:00 2001
From: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Date: Thu, 14 Jul 2011 12:11:51 +0200
Subject: [PATCH] [BUGFIX] stdWrap.hash: Return nothing for non-existing
 algorithm

Return an empty string to prevent disclosing information unhashed.

Change-Id: Id25b85de039797aa7e39225fb0e2b1c75207a505
Resolves: #28120
Reviewed-on: http://review.typo3.org/3324
Reviewed-by: Jo Hasenau
Tested-by: Jo Hasenau
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
---
 tests/typo3/sysext/cms/tslib/class.tslib_contentTest.php | 2 +-
 typo3/sysext/cms/tslib/class.tslib_content.php           | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/typo3/sysext/cms/tslib/class.tslib_contentTest.php b/tests/typo3/sysext/cms/tslib/class.tslib_contentTest.php
index 1543be3c1eeb..c9d6fd0611d8 100644
--- a/tests/typo3/sysext/cms/tslib/class.tslib_contentTest.php
+++ b/tests/typo3/sysext/cms/tslib/class.tslib_contentTest.php
@@ -753,7 +753,7 @@ class tslib_contentTest extends tx_phpunit_testcase {
 				array(
 					'hash' => 'non-existing'
 				),
-				'joh316'
+				''
 			),
 			'testing stdWrap capability' => array(
 				'joh316',
diff --git a/typo3/sysext/cms/tslib/class.tslib_content.php b/typo3/sysext/cms/tslib/class.tslib_content.php
index 9f2c33472c3c..8e77c1889019 100644
--- a/typo3/sysext/cms/tslib/class.tslib_content.php
+++ b/typo3/sysext/cms/tslib/class.tslib_content.php
@@ -2328,6 +2328,9 @@ class tslib_cObj {
 				: $conf['hash'];
 		if (function_exists('hash') && in_array($algorithm, hash_algos())) {
 			$content = hash($algorithm, $content);
+		} else {
+				// non-existing hashing algorithm
+			$content = '';
 		}
 		return $content;
 	}
-- 
GitLab