Fix #78969 Make PASSWORD_DEFAULT match PASSWORD_BCRYPT instead of being null

kocsismate · kocsismate · commit ea1b8788773f · 2020-01-27T13:57:00.000+01:00
It was an unintentional BC break.
diff --git a/NEWS b/NEWS
@@ -43,6 +43,7 @@ PHP                                                                        NEWS
 
 - Standard:
   . Fixed bug #78902 (Memory leak when using stream_filter_append). (liudaixiao)
+  . Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null). (kocsismate)
 
 - Zip:
   . Add ZipArchive::CM_LZMA2 constant (since libzip 1.6.0). (remi)
diff --git a/UPGRADING b/UPGRADING
@@ -150,7 +150,7 @@ PHP 7.4 UPGRADE NOTES
   . Password hashing algorithm identifiers are now nullable strings rather
     than integers.
 
-     * PASSWORD_DEFAULT was int 1; now is null
+     * PASSWORD_DEFAULT was int 1; now is null in PHP <7.4.3 and string '2y' afterwards
      * PASSWORD_BCRYPT was int 1; now is string '2y'
      * PASSWORD_ARGON2I was int 2; now is string 'argon2i'
      * PASSWORD_ARGON2ID was int 3; now is string 'argon2id'
@@ -726,7 +726,7 @@ PHP 7.4 UPGRADE NOTES
   the INI directive opcache.cache_id. All processes with the same cache ID and
   user share an OPcache instance.
 
-- The OpenSSL default config path has been changed to 
+- The OpenSSL default config path has been changed to
   "C:\Program Files\Common Files\SSL\openssl.cnf" and
   "C:\Program Files (x86)\Common Files\SSL\openssl.cnf", respectively.
 
diff --git a/ext/standard/password.c b/ext/standard/password.c
@@ -496,7 +496,7 @@ const php_password_algo php_password_algo_argon2id = {
 PHP_MINIT_FUNCTION(password) /* {{{ */
 {
 	zend_hash_init(&php_password_algos, 4, NULL, ZVAL_PTR_DTOR, 1);
-	REGISTER_NULL_CONSTANT("PASSWORD_DEFAULT", CONST_CS | CONST_PERSISTENT);
+	REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", "2y", CONST_CS | CONST_PERSISTENT);
 
 	if (FAILURE == php_password_algo_register("2y", &php_password_algo_bcrypt)) {
 		return FAILURE;
diff --git a/ext/standard/tests/password/password_default.phpt b/ext/standard/tests/password/password_default.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Test that the value of PASSWORD_DEFAULT matches PASSWORD_BCRYPT
+--FILE--
+<?php
+echo PASSWORD_DEFAULT . "\n";
+echo PASSWORD_BCRYPT . "\n";
+--EXPECT--
+2y
+2y

Original file line number	Diff line number	Diff line change
`@@ -496,7 +496,7 @@ const php_password_algo php_password_algo_argon2id = {`
`496`	`496`	`PHP_MINIT_FUNCTION(password) /* {{{ */`
`497`	`497`	`{`
`498`	`498`	`zend_hash_init(&php_password_algos, 4, NULL, ZVAL_PTR_DTOR, 1);`
`499`		`- REGISTER_NULL_CONSTANT("PASSWORD_DEFAULT", CONST_CS \| CONST_PERSISTENT);`
	`499`	`+ REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", "2y", CONST_CS \| CONST_PERSISTENT);`
`500`	`500`
`501`	`501`	`if (FAILURE == php_password_algo_register("2y", &php_password_algo_bcrypt)) {`
`502`	`502`	`return FAILURE;`