Fix a _potential_ flaw in password_hash()
diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index a9355d5..d5a017d 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -145,7 +145,10 @@
 		}
 
 		isset($options['cost']) OR $options['cost'] = 10;
-		return crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']));
+
+		return (strlen($password = crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']))) === 60)
+			? $password
+			: FALSE;
 	}
 }