authorDries Buytaert <dries@buytaert.net>2010-01-14 18:45:17 +0000
committerDries Buytaert <dries@buytaert.net>2010-01-14 18:45:17 +0000
commitf818dfe90847f350167055f6207befdc2e4e0f14 (patch)
tree69dbd521a79b971912f53bca339fa5060c62cbb8 /install.php
parent913f2c3a3e3ed55b33f2fffeeec407520aa5d62a (diff)
- Patch #590656 by pwolanin, Pasqualle: harden one-time login links against vulnerability from disclosure of SQL backups, or SQL 'SELECT' injection.
Diffstat (limited to 'install.php')
-rw-r--r--install.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/install.php b/install.php
index 0b9dddd87..f4da1bb55 100644
--- a/install.php
+++ b/install.php
@@ -1002,6 +1002,10 @@ function install_settings_form_submit($form, &$form_state) {
'value' => $form_state['values']['db_prefix'],
'required' => TRUE,
);
+ $settings['drupal_hash_salt'] = array(
+ 'value' => sha1(drupal_random_bytes(64)),
+ 'required' => TRUE,
+ );
drupal_rewrite_settings($settings);
// Indicate that the settings file has been verified, and check the database
// for the last completed task, now that we have a valid connection. This
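Review bot: The added `$settings['drupal_hash_salt']` entry has no comment explaining why this secret is written to settings.php instead of the database, which per the commit message is the point of the hardening; I would add `// Per-site secret kept outside the database, so a leaked SQL dump or a SELECT injection alone cannot be used to forge one-time login links.` above it. Wrapping the 64 random bytes in `sha1()` also caps the salt at 160 bits; that is probably adequate, but `hash('sha256', drupal_random_bytes(64))` would retain more of the generated entropy if the hash extension can be assumed here. This hunk only covers fresh installs and the diffstat shown is limited to install.php, so it is worth confirming that existing sites receive a salt through an update path and that settings.php stays unreadable to the web and absent from backups that travel with the SQL dump. install_settings_form_submit starts and ends outside the hunk.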