[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"

2019-12-02 21:59:03 +01:00 · 2019-12-02 21:59:03 +01:00 · 83a5517c01
commit 83a5517c01
parent cb429cd762
1 changed files with 7 additions and 1 deletions
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@ -421,7 +421,13 @@ class MainConfiguration implements ConfigurationInterface
                        ->performNoDeepMerging()
                        ->beforeNormalization()->ifString()->then(function ($v) { return ['algorithm' => $v]; })->end()
                        ->children()
-                            ->scalarNode('algorithm')->cannotBeEmpty()->end()
+                            ->scalarNode('algorithm')
+                                ->cannotBeEmpty()
+                                ->validate()
+                                    ->ifTrue(function ($v) { return !\is_string($v); })
+                                    ->thenInvalid('You must provide a string value.')
+                                ->end()
+                            ->end()
                            ->scalarNode('hash_algorithm')->info('Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms.')->defaultValue('sha512')->end()
                            ->scalarNode('key_length')->defaultValue(40)->end()
                            ->booleanNode('ignore_case')->defaultFalse()->end()