Skip the "crypt-blowfish without salt" test for HHVM #12668
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request for Issue
crypt-blowfish without salt
fails on HHVM due to facebook/hhvm#7420 since our default salt code for crypt-blowfish is resulting incrypt()
falling back to DES.A full fix is in #12428 but requires complicated sufficient regression tests to ensure a password generated pre-patch should still validate correctly post-patch. Since passwords for regression tests would need to be generated by a version of Joomla prior to 3.2.1 when
hashPassword()
andverifyPassword()
were implemented. this gets a bit complicated.Note: this function is completely removed in 4.0
Summary of Changes
This function is deprecated and no longer used in core, and since this portion of the test has a configuration issue on HHVM it is skipped. Rather that skipping the whole test, we skip only the singular test that is an issue due to the configuration of our "default salt".
Testing Instructions
HHVM will no longer report the failure of this deprecated function that is no longer used in core
Documentation Changes Required
none, although it has been suggested to mark
getCryptedPassword()
andgetSalt()
as "as potentially dangerous and only included for backwards compatibility, since 3.2.2 usehashPassword()
andverifyPassword()
and look forward to 4.0, wheregetCryptedPassword()
andgetSalt()
functions have been removed."