Project

General

Profile

Actions

Bug #91970

closed

TCA eval saltedPassword can return null, behaving different than the old BackendEvaluator of ext:saltedpasswords which only returned string, leading to SQL errors

Added by S P over 4 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
DataHandler aka TCEmain
Target version:
-
Start date:
2020-08-11
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
no-brainer
Is Regression:
No
Sprint Focus:
Remote Sprint

Description

We have a custom field that uses the ext:saltedpasswords BackendEvaluator TCA validation to create salted passwords on a custom field.

After upgrading to v9 we switched to saltedPassword evaluation. This works for required fields, but not for optional fields in case an empty password is provided.

The old evaluator just returned the empty string if the entered password was empty. The new saltedPassword evaluation returns null however for empty strings. Which can lead to SQL errors if the column is defined as NOT NULL.

Our workaround is to explicitly trim after saltedPassword:

'eval' => 'password, saltedPassword, trim'

Either the new eval should be changed to return ?? '' or the new behaviour must be documented in the TCA docs.

(We use pbkdf2 if this matters.)

Actions #1

Updated by Oliver Hader almost 4 years ago

  • Is Regression changed from Yes to No
Actions #2

Updated by Oliver Hader almost 4 years ago

After upgrading to v9 we switched to saltedPassword evaluation.

Thus, it's not a regression - I've changed that

Complexity: no-brainer

Please go ahead and provide a patch. Thx in advance!

Actions #3

Updated by Oliver Hader almost 4 years ago

  • Status changed from New to Accepted
Actions #4

Updated by Mathias Schreiber over 2 years ago

  • Sprint Focus set to Remote Sprint
Actions #5

Updated by Larry Garfield over 2 years ago

  • Status changed from Accepted to Resolved

This is no longer relevant in TYPO3 v11, as the saltedPassword evaluator has been removed anyway.

Actions #6

Updated by Benni Mack about 2 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF