[BUGFIX] Use saltedpasswords for scheduler user creation 60/36760/4
authorMarkus Klein <klein.t3@reelworx.at>
Mon, 9 Feb 2015 09:54:08 +0000 (10:54 +0100)
committerMarkus Klein <klein.t3@reelworx.at>
Wed, 11 Feb 2015 10:34:23 +0000 (11:34 +0100)
Remove the hardcoded md5-hashing and let saltedpasswords do that for us.

Resolves: #64936
Releases: master, 6.2
Change-Id: I608a2106690d64b3ac64a5657d6b4ffa4be721a1
Reviewed-on: http://review.typo3.org/36760
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Frederic Gaus <gaus@flagbit.de>
Tested-by: Frederic Gaus <gaus@flagbit.de>
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php

index 4b63021..c5b785d 100644 (file)
@@ -22,6 +22,8 @@ use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Backend\Utility\IconUtility;
 use TYPO3\CMS\Core\Messaging\FlashMessage;
+use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;
+use TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility;
 use TYPO3\CMS\Scheduler\Task\AbstractTask;
 
 /**
@@ -313,7 +315,11 @@ class SchedulerModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClas
                // If the user does not exist, try creating it
                if ($checkUser == -1) {
                        // Prepare necessary data for _cli_scheduler user creation
-                       $password = md5(uniqid('scheduler', TRUE));
+                       $password = uniqid('scheduler', TRUE);
+                       if (SaltedPasswordsUtility::isUsageEnabled()) {
+                               $objInstanceSaltedPW = SaltFactory::getSaltingInstance();
+                               $password = $objInstanceSaltedPW->getHashedPassword($password);
+                       }
                        $data = array('be_users' => array('NEW' => array('username' => '_cli_scheduler', 'password' => $password, 'pid' => 0)));
                        /** @var $tcemain \TYPO3\CMS\Core\DataHandling\DataHandler */
                        $tcemain = GeneralUtility::makeInstance(\TYPO3\CMS\Core\DataHandling\DataHandler::class);