[TASK] Reports module uses internal data of salted passwords
authorDmitry Dulepov <dmitry@typo3.org>
Mon, 28 Nov 2011 12:12:39 +0000 (14:12 +0200)
committerDmitry Dulepov <dmitry@typo3.org>
Mon, 6 Feb 2012 12:36:28 +0000 (13:36 +0100)
commit147184a3d86a3629053cf3c5b27aaab4a9b6324d
tree8072ba8ec8045060531726a4c5640af291f60e69
parentccf3b64668931d75309da7e0abc63e5c036d711f
[TASK] Reports module uses internal data of salted passwords

Reports module changes from issue #30695 introduced a check
for the saltedpasswords extension and a report about users,
whose passwords are not protected by the saltedpasswords.
That check queries database directly and uses internal
knowledge of saltedpasswords about marking the password
with certain characters. This can break reports module
if saltedpasswords adds a new scheme to salt passwords.
Only saltedpasswords should know about those prefixes.
Other extensions should use the API of saltedpasswords
to query the information.

Change-Id: Ifd1eefb8e823e17612e72253ad3594c3956099c2
Resolves: #32136
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/7407
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php
typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_div.php