From: Jerome Jutteau Date: Fri, 21 Apr 2017 16:43:26 +0000 (+0000) Subject: [BUGFIX] Empty admin password should not generate hash X-Git-Tag: 3.2.0~1 X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/commitdiff_plain/e2d6cda643fb68b8f831ee7e4337d5e198cc83dd?hp=7efbeeb8655697f15071f6edfb99edaa72868c74 [BUGFIX] Empty admin password should not generate hash During installation, a empty admin password should put an empty password in configuration so admin interface is disabled. Before this fix, a empty password would be a valid password without disabling the admin interface. Signed-off-by: Jerome Jutteau --- diff --git a/install.php b/install.php index 2739bc8..b400988 100644 --- a/install.php +++ b/install.php @@ -154,7 +154,11 @@ if (isset($_POST['step']) && isset($_POST['next'])) { break; case 2: - $cfg['admin_password'] = hash('sha256', $_POST['admin_password']); + if (strlen($_POST['admin_password'])) { + $cfg['admin_password'] = hash('sha256', $_POST['admin_password']); + } else { + $cfg['admin_password'] = ''; + } jirafeau_export_cfg($cfg); break;