adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-31 09:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Force field validation to use sha1

Browse source 
When using blowfish as your application's hashing strategy, form field
validation would fail horribly.  Forcing sha1 fixes this and restores
behavior consistent with 2.2.x

Fixes #3280
This commit is contained in:
mark_story 2012-10-18 21:26:26 -04:00
parent 1cc82ff39f
commit f457f07b5c
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/Cake/Controller/Component/SecurityComponent.php
View file

@ -493,7 +493,7 @@ class SecurityComponent extends Component {
$fieldList += $lockedFields;
$unlocked = implode('|', $unlocked);
$check = Security::hash(serialize($fieldList) . $unlocked . Configure::read('Security.salt'));
$check = Security::hash(serialize($fieldList) . $unlocked . Configure::read('Security.salt'), 'sha1');
return ($token === $check);
}

2
lib/Cake/View/Helper/FormHelper.php
View file

@ -538,7 +538,7 @@ class FormHelper extends AppHelper {
$locked = implode(array_keys($locked), '|');
$unlocked = implode($unlockedFields, '|');
$fields = Security::hash(serialize($fields) . $unlocked . Configure::read('Security.salt'));
$fields = Security::hash(serialize($fields) . $unlocked . Configure::read('Security.salt'), 'sha1');
$out = $this->hidden('_Token.fields', array(
'value' => urlencode($fields . ':' . $locked),