[TASK] Reports module uses internal data of salted passwords
authorDmitry Dulepov <dmitry@typo3.org>
Mon, 28 Nov 2011 12:12:39 +0000 (14:12 +0200)
committerSteffen Ritter <info@rs-websystems.de>
Fri, 16 Dec 2011 13:00:43 +0000 (14:00 +0100)
commit08c684f03f2b6f86829a32f0df70a1d63581feb9
tree68dcb3293c5261b40d7fc3b941eb838f43f23e27
parent1a1930c8214218a4e739baaf5ca9248126cacaed
[TASK] Reports module uses internal data of salted passwords

Reports module changes from issue #30695 introduced a check
for the saltedpasswords extension and a report about users,
whose passwords are not protected by the saltedpasswords.
That check queries database directly and uses internal
knowledge of saltedpasswords about marking the password
with certain characters. This can break reports module
if saltedpasswords adds a new scheme to salt passwords.
Only saltedpasswords should know about those prefixes.
Other extensions should use the API of saltedpasswords
to query the information.

Change-Id: Iec27610c2227ed15537f37b53e1b26443b5a276f
Resolves: #32136
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/6953
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php
typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_div.php