Bug#1042824: Logging into SLBackup frontend returns error
Guido Berhoerster
guido at berhoerster.name
Wed Aug 2 13:57:22 BST 2023
There are actually two critical problems causing logins to fail:
1. usage of crypt() without a salt (not actually used for passwords
but as a hash function for some homemade encryption, see
https://salsa.debian.org/debian-edu-pkg-team/slbackup-php/-/blob/8eb0d468422cb3e06eed0092643d1bb4082f9b1c/src/index.php#L698)
2. a typo where the key is switched with the value while looping over
an associative array which causes an exception with PHP 8 since
the key is a string accessed as an associative array (see
https://salsa.debian.org/debian-edu-pkg-team/slbackup-php/-/blob/8eb0d468422cb3e06eed0092643d1bb4082f9b1c/src/index.php#L48)
--
Guido Berhoerster
More information about the Debian-edu-pkg-team
mailing list