From 58ba28b0d36d3b823e8631814888f604dd82510d Mon Sep 17 00:00:00 2001
From: Paul Arthur <paul.arthur@flowerysong.com>
Date: Tue, 12 Feb 2013 10:49:11 -0500
Subject: Don't store plaintext passwords

http://dbareactions.tumblr.com/post/41455377237/when-i-see-app-passwords-stored-in-clear-text-in
---
 lib/class/catalog.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/class/catalog.class.php')

diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index 88d63674..1e2878bf 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -241,7 +241,7 @@ class Catalog extends database_object {
         $rename_pattern = $data['rename_pattern'];
         $sort_pattern = $data['sort_pattern'];
         $remote_username = $type == 'remote' ? $data['remote_username'] : '';
-        $remote_password = $type == 'remote' ? $data['remote_password'] : '';
+        $remote_password = $type == 'remote' ? hash('sha256', $data['remote_password']) : '';
 
         $sql = 'INSERT INTO `catalog` (`name`, `path`, `catalog_type`, ' .
             '`rename_pattern`, `sort_pattern`, `remote_username`, ' .
-- 
cgit