archetecture security fix

This commit is contained in:
root
2026-06-11 03:22:12 -04:00
parent 6def9993da
commit 9483750161
3126 changed files with 177194 additions and 37211 deletions
+8 -2
View File
@@ -708,8 +708,14 @@ class User extends Authenticatable implements JWTSubject
{
if ($value === null || $value === '') return;
// Avoid double-hashing
$this->attributes['password'] = str_starts_with((string)$value, '$2y$')
$value = (string) $value;
$hashInfo = password_get_info($value);
$hashParts = preg_split('/[:$]/', $value);
$isPbkdf2Hash = is_array($hashParts) && count($hashParts) === 4;
// Avoid double-hashing when callers already pass a password_hash()
// value or one of the legacy PBKDF2 hashes used by this codebase.
$this->attributes['password'] = (($hashInfo['algo'] ?? null) !== null || $isPbkdf2Hash)
? $value
: Hash::make($value);
}