From fa89fc9e64446a462e83d0bee61453d67cdfa0f5 Mon Sep 17 00:00:00 2001
From: petajaros <petajaros@gmail.com>
Date: Tue, 8 Mar 2011 13:28:07 -0800
Subject: [PATCH] [Security] Bugfix - Ensure that both passwords are of string
 type. Function comparePasswords haven't been working properly for numeric
 (plaintype) passwords.

---
 .../Component/Security/Core/Encoder/BasePasswordEncoder.php    | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
index 58c64dbbede2..a1fe991cae33 100644
--- a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
@@ -77,6 +77,9 @@ protected function mergePasswordAndSalt($password, $salt)
      */
     protected function comparePasswords($password1, $password2)
     {
+        settype($password1, 'string');
+        settype($password2, 'string');
+
         if (strlen($password1) !== strlen($password2)) {
             return false;
         }