From e2d6cda643fb68b8f831ee7e4337d5e198cc83dd Mon Sep 17 00:00:00 2001 From: Jerome Jutteau Date: Fri, 21 Apr 2017 16:43:26 +0000 Subject: [PATCH] [BUGFIX] Empty admin password should not generate hash During installation, a empty admin password should put an empty password in configuration so admin interface is disabled. Before this fix, a empty password would be a valid password without disabling the admin interface. Signed-off-by: Jerome Jutteau --- install.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/install.php b/install.php index 2739bc8..b400988 100644 --- a/install.php +++ b/install.php @@ -154,7 +154,11 @@ if (isset($_POST['step']) && isset($_POST['next'])) { break; case 2: - $cfg['admin_password'] = hash('sha256', $_POST['admin_password']); + if (strlen($_POST['admin_password'])) { + $cfg['admin_password'] = hash('sha256', $_POST['admin_password']); + } else { + $cfg['admin_password'] = ''; + } jirafeau_export_cfg($cfg); break; -- 2.34.1