From 78bee8b8b62f1ab4970c0b2b0265c17073ffb2be Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 10 Oct 2014 04:25:52 -0400
Subject: [PATCH] Fix regression in SHAA password generation in ldap driver of password plugin (#1490094)

---
 CHANGELOG                         |    1 +
 plugins/password/drivers/ldap.php |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 90149a3..d3c9aba 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -50,6 +50,7 @@
 - Fix page title when using search filter (#1490023)
 - Fix mbox files import
 - Fix setting flags on servers with no PERMANENTFLAGS response (#1490087)
+- Fix regression in SHAA password generation in ldap driver of password plugin (#1490094)
 
 RELEASE 1.0.3
 -------------
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index acd9687..340dd29 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -277,7 +277,7 @@
 
             if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                 $salt     = mhash_keygen_s2k(MHASH_SHA1, $password_clear, $salt, 4);
-                $password = mhash(MHASH_MD5, $password_clear . $salt);
+                $password = mhash(MHASH_SHA1, $password_clear . $salt);
             }
             else if (function_exists('sha1')) {
                 $salt     = substr(pack("H*", sha1($salt . $password_clear)), 0, 4);

--
Gitblit v1.9.1