Bugfix #78208 Needs rehash with an unknown algo should always return true.

2 files changed, 10 insertions, 4 deletions

diff --git a/ext/standard/password.c b/ext/standard/password.c
index d91058bfc2..d7e12e852a 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -672,7 +672,7 @@ PHP_FUNCTION(password_needs_rehash)
 		Z_PARAM_ARRAY_OR_OBJECT_HT(options)
 	ZEND_PARSE_PARAMETERS_END();
 
-	new_algo = php_password_algo_find_zval_ex(znew_algo, NULL);
+	new_algo = php_password_algo_find_zval(znew_algo);
 	if (!new_algo) {
 		/* Unknown new algorithm, never prompt to rehash. */
 		RETURN_FALSE;
diff --git a/ext/standard/tests/password/password_needs_rehash.phpt b/ext/standard/tests/password/password_needs_rehash.phpt
index 688d57ed32..d88270884e 100644
--- a/ext/standard/tests/password/password_needs_rehash.phpt
+++ b/ext/standard/tests/password/password_needs_rehash.phpt
@@ -33,7 +33,11 @@ var_dump(password_needs_rehash('$2y$'.$cost.'$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.o
 // Should Issue Needs Rehash, Since Foo is cast to 0...
 var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 'foo')));
 
+// CRYPT_MD5
+var_dump(password_needs_rehash(crypt('Example', '$1$'), PASSWORD_DEFAULT));
 
+// CRYPT_SHA512 with 5000
+var_dump(password_needs_rehash(crypt('Example', '$6$rounds=5000$aa$'), PASSWORD_DEFAULT));
 
 echo "OK!";
 ?>
@@ -41,13 +45,15 @@ echo "OK!";
 bool(true)
 bool(true)
 bool(true)
-bool(false)
-bool(false)
-bool(false)
+bool(true)
+bool(true)
+bool(true)
 bool(false)
 bool(false)
 bool(true)
 bool(true)
 bool(false)
 bool(true)
+bool(true)
+bool(true)
 OK!