Bug phpBB3 password validation fails in some scenarios

There is a bug in this version
Kirby

Guest
The string used in phpBB for generating the password hash is not the raw user input.

Buried somewhat deep in phpBB input handling:
phpbb\request\type_cast_helper::set_var

PHP:
public function set_var(&$result, $var, $type, $multibyte = false, $trim = true)
{
    settype($var, $type);
    $result = $var;

    if ($type == 'string')
    {
        $result = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result);

        if ($trim)
        {
            $result =...

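Added example, not part of the original post and not phpBB code: it reproduces only the `str_replace()` step visible in the quoted `set_var()` (the truncated trim branch is not modelled) and shows that a hash built from the processed string no longer verifies against the raw input. The function name, the sample passwords and the "external verifier" scenario are assumptions made for illustration.

```php
<?php
// Added example, not phpBB code. Models ONLY the str_replace() call that is
// visible in the quoted set_var(); everything after "$result =..." is unknown
// here and deliberately left out.
function normalize_visible_step(string $input): string
{
    return str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $input);
}

// Constructed sample passwords (not taken from the post).
$samples = array(
    'CRLF inside' => "correct\r\nhorse",
    'lone CR'     => "correct\rhorse",
    'LF only'     => "correct\nhorse",   // control: this step leaves it unchanged
);

foreach ($samples as $label => $raw)
{
    // Per the post, the hash is generated from the processed string,
    // not from the raw user input.
    $stored = password_hash(normalize_visible_step($raw), PASSWORD_DEFAULT);

    // Hypothetical external verifier that checks the raw bytes instead.
    $raw_ok = password_verify($raw, $stored);

    // Verifier that applies the same normalization before checking.
    $normalized_ok = password_verify(normalize_visible_step($raw), $stored);

    printf("%-12s raw=%s normalized=%s\n", $label,
        $raw_ok ? 'match' : 'MISMATCH',
        $normalized_ok ? 'match' : 'MISMATCH');
}
```

Any component that verifies or migrates these hashes has to apply the same input processing before comparing, otherwise passwords containing the replaced characters fail validation.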