diff --git a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php index 58c64dbbede2..a1fe991cae33 100644 --- a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php +++ b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php @@ -77,6 +77,9 @@ protected function mergePasswordAndSalt($password, $salt) */ protected function comparePasswords($password1, $password2) { + settype($password1, 'string'); + settype($password2, 'string'); + if (strlen($password1) !== strlen($password2)) { return false; }