Item14288: Merge origin/master

foswiki · Sep 20, 2017 · b635eb4 · b635eb4
2 parents 21e16cf + 3a3dbdf
commit b635eb4
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/UpdatesPlugin/templates/updatesplugin.tmpl b/UpdatesPlugin/templates/updatesplugin.tmpl
@@ -8,7 +8,7 @@
 </script>%TMPL:END%
 
 %TMPL:DEF{"messagetmpl::icon"}%%JQICON{"error"}%%TMPL:END%
-%TMPL:DEF{"messagetmpl::text"}%%MAKETEXT{"Warning: Updates found for [_1] extension(s): [_2]" arg1="{{:nrPlugins}}" arg2="{{:outdatedPlugins}}"}%%TMPL:END%
+%TMPL:DEF{"messagetmpl::text"}%%MAKETEXT{"Warning: Updates found for [_1] extension(s): [_2]" args="{{:nrPlugins}}, {{:outdatedPlugins}}"}%%TMPL:END%
 %TMPL:DEF{"messagetmpl::buttons"}%<a href="%SCRIPTURLPATH{configure}%">%JQICON{"tick"}% %MAKETEXT{"Upgrade"}%</a>
 <a href="#" id="foswikiUpdatesIgnore">%JQICON{"cross"}% %MAKETEXT{"Ignore for 7 days"}%</a>%TMPL:END%
 

diff --git a/core/lib/Foswiki.spec b/core/lib/Foswiki.spec
@@ -753,11 +753,12 @@ $Foswiki::cfg{AuthRealm} =
 # mod_perl. This option is not compatible with =plain= text passwords.
 $Foswiki::cfg{Htpasswd}{AutoDetect} = $TRUE;
 
-# **NUMBER LABEL="BCrypt Cost" DISPLAY_IF="{PasswordManager}=='Foswiki::Users::HtPasswdUser' && {Htpasswd}{Encoding}=='bcrypt'" CHECK="min:0 iff:'{PasswordManager}=~/:HtPasswdUser/ && {Htpasswd}{Encoding} eq q<bcrypt>'"**
+# **NUMBER LABEL="BCrypt Cost" DISPLAY_IF="{PasswordManager}=='Foswiki::Users::HtPasswdUser' && {Htpasswd}{Encoding}=='bcrypt'" CHECK="min:0 max:99 iff:'{PasswordManager}=~/:HtPasswdUser/ && {Htpasswd}{Encoding} eq q<bcrypt>'"**
 # Specify the cost that should be incurred when computing the hash of a
 # password.  This number should be increased as CPU speeds increase.
 # The iterations of the hash is roughly 2^cost - default is 8, or 256
-# iterations.
+# iterations.  *CAUTION* Larger values than 10 or 12 (1024 and 4096 iterations)
+# can require extreme amounts of CPU time.
 $Foswiki::cfg{Htpasswd}{BCryptCost} = 8;
 
 # **PASSWORD LABEL="Internal Admin Password" CHECK_ON_CHANGE="{FeatureAccess}{Configure}" CHECK="also:{FeatureAccess}{Configure}" ONSAVE**

diff --git a/core/lib/Foswiki/Users/HtPasswdUser.pm b/core/lib/Foswiki/Users/HtPasswdUser.pm
@@ -638,6 +638,10 @@ sub encrypt {
             return 0;
         }
 
+        my $cost = $Foswiki::cfg{Htpasswd}{BCryptCost};
+        $cost = 8 unless defined $cost;
+        $cost = sprintf( "%02d", $cost );
+
         my $salt;
         $salt = $this->fetchPass($login) unless $fresh;
         if ( $fresh || !$salt ) {
@@ -657,7 +661,7 @@ sub encrypt {
             $salt =
               Crypt::Eksblowfish::Bcrypt::en_base64(
                 Foswiki::encode_utf8($salt) );
-            $salt = '$2a$08$' . $salt;
+            $salt = '$2a$' . $cost . '$' . $salt;
         }
         $salt = substr( $salt, 0, 29 );
         return Crypt::Eksblowfish::Bcrypt::bcrypt(
@@ -976,7 +980,7 @@ sub findUserByEmail {
 __END__
 Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 
-Copyright (C) 2008-2014 Foswiki Contributors. Foswiki Contributors
+Copyright (C) 2008-2017 Foswiki Contributors. Foswiki Contributors
 are listed in the AUTHORS file in the root of this distribution.
 NOTE: Please extend that file, not this notice.