From 9f89556c1bafab0d0a33ef4a82973c8cfb7bcfab Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 9 Jul 2018 22:30:35 +0200
Subject: [PATCH] [BUGFIX] Only use SaltedHashingMethods marked as available
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When determining the SaltedHashingMethod of a salted hash check only
SaltedHashingMethods which are marked as available.

Resolves: #85526
Releases: master, 8.7
Change-Id: I72ca88ce35c891dc149d0628543d30b6c4122407
Reviewed-on: https://review.typo3.org/57520
Reviewed-by: Stephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Xavier Perseguers <xavier@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
---
 typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php b/typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
index 642bff8b7da5..9a850a6125d9 100644
--- a/typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
+++ b/typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
@@ -128,7 +128,7 @@ class SaltFactory
         $methodFound = false;
         foreach ($registeredMethods as $method) {
             $objectInstance = GeneralUtility::makeInstance($method);
-            if ($objectInstance instanceof SaltInterface) {
+            if ($objectInstance instanceof SaltInterface && $objectInstance->isAvailable()) {
                 $methodFound = $objectInstance->isValidSaltedPW($saltedHash);
                 if ($methodFound) {
                     self::$instance = $objectInstance;
-- 
GitLab